Fix Operational-Best-Practices-for-BNM-RMiT.yaml #417
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…evant to the security controls in RMiT 2/ CLOUD_TRAIL_ENCRYPTION_ENABLED; removed due to duplication with CLOUDTRAIL_SECURITY_TRAIL_ENABLED 3/ DYNAMODB_IN_BACKUP_PLAN; removed due to duplication with DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN 4/ EBS_IN_BACKUP_PLAN; removed due to duplication with EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN 5/ EFS_IN_BACKUP_PLAN; removed due to duplication with EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN 6/ ELASTICSEARCH_ENCRYPTED_AT_REST; removed due to the rule is only applicable to legacy ElasticSearch domains 7/ ELASTICSEARCH_IN_VPC_ONLY; removed due to the rule is only applicable to legacy ElasticSearch domains 8/ ELASTICSEARCH_LOGS_TO_CLOUDWATCH; removed due to the rule is only applicable to legacy ElasticSearch domains 9/ ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK; removed due to the rule is only applicable to legacy ElasticSearch domains 10/ ELB_ACM_CERTIFICATE_REQUIRED; removed due to the rule is only applicable to Classic Load Balance resources 11/ ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED; removed due to the rule is only applicable to Classic Load Balancer resources 12/ ELB_TLS_HTTPS_LISTENERS_ONLY; removed due to the rule is only applicable to Classic Load Balancer resources 13/ IAM_GROUP_HAS_USERS_CHECK; removed due to duplication with IAM_USER_GROUP_MEMBERSHIP_CHECK 14/ IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS; removed as IAM_NO_INLINE_POLICY_CHECK is more restrictive 15/ IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS; removed due to the rule could be too restrictive for some customers 16/ INCOMING_SSH_DISABLED; removed due to duplicate wirh VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS 17/ INSTANCES_IN_VPC; removed due to the rule is only applicable to EC2 Classic instances 18/ LAMBDA_DLQ_CHECK; removed as Lambda Destination is the preferred configuration 19/ MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS; removed due to duplication with IAM_USER_MFA_ENABLED 20/ MULTI_REGION_CLOUD_TRAIL_ENABLED; removed due to duplication with CLOUDTRAIL_SECURITY_TRAIL_ENABLED 21/ RDS_IN_BACKUP_PLAN; removed due to duplication with RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN 22/ RESTRICTED_INCOMING_TRAFFIC; removed due to duplicate wirh VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS 23/ S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED; removed due to duplication with S3_BUCKET_PUBLIC_READ_PROHIBITED and S3_BUCKET_PUBLIC_WRITE_PROHIBITED 24/ S3_BUCKET_REPLICATION_ENABLED; removed due to duplication with S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN
jacktobi
approved these changes
Oct 25, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
1/ ALB_HTTP_DROP_INVALID_HEADER_ENABLED; removed as the rule is irrelevant to the security controls in RMiT
2/ CLOUD_TRAIL_ENCRYPTION_ENABLED; removed due to duplication with CLOUDTRAIL_SECURITY_TRAIL_ENABLED
3/ DYNAMODB_IN_BACKUP_PLAN; removed due to duplication with DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN
4/ EBS_IN_BACKUP_PLAN; removed due to duplication with EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN
5/ EFS_IN_BACKUP_PLAN; removed due to duplication with EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN
6/ ELASTICSEARCH_ENCRYPTED_AT_REST; removed due to the rule is only applicable to legacy ElasticSearch domains
7/ ELASTICSEARCH_IN_VPC_ONLY; removed due to the rule is only applicable to legacy ElasticSearch domains
8/ ELASTICSEARCH_LOGS_TO_CLOUDWATCH; removed due to the rule is only applicable to legacy ElasticSearch domains
9/ ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK; removed due to the rule is only applicable to legacy ElasticSearch domains
10/ ELB_ACM_CERTIFICATE_REQUIRED; removed due to the rule is only applicable to Classic Load Balance resources
11/ ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED; removed due to the rule is only applicable to Classic Load Balancer resources
12/ ELB_TLS_HTTPS_LISTENERS_ONLY; removed due to the rule is only applicable to Classic Load Balancer resources
13/ IAM_GROUP_HAS_USERS_CHECK; removed due to duplication with IAM_USER_GROUP_MEMBERSHIP_CHECK
14/ IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS; removed as IAM_NO_INLINE_POLICY_CHECK is more restrictive
15/ IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS; removed due to the rule could be too restrictive for some customers
16/ INCOMING_SSH_DISABLED; removed due to duplicate wirh VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS
17/ INSTANCES_IN_VPC; removed due to the rule is only applicable to EC2 Classic instances
18/ LAMBDA_DLQ_CHECK; removed as Lambda Destination is the preferred configuration
19/ MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS; removed due to duplication with IAM_USER_MFA_ENABLED
20/ MULTI_REGION_CLOUD_TRAIL_ENABLED; removed due to duplication with CLOUDTRAIL_SECURITY_TRAIL_ENABLED
21/ RDS_IN_BACKUP_PLAN; removed due to duplication with RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN
22/ RESTRICTED_INCOMING_TRAFFIC; removed due to duplicate wirh VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS
23/ S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED; removed due to duplication with S3_BUCKET_PUBLIC_READ_PROHIBITED and S3_BUCKET_PUBLIC_WRITE_PROHIBITED
24/ S3_BUCKET_REPLICATION_ENABLED; removed due to duplication with S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN