aws-guard-rules-registry
Rules Registry for Compliance Frameworks
### What is the problem? This rule ([ec2_ebs_encryption_by_default.guard](https://github.com/aws-cloudformation/aws-guard-rules-registry/blob/main/rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard)) does not check if EBS encryption is enabled by default, as this is not something that can be set in a CloudFormation...
### link to reference doc page https://github.com/aws-cloudformation/aws-guard-rules-registry/blob/main/README.md ### Describe your issue? I don't understand how you're supposed to use the managed rulesets. The documentation isn't straightforward at all. If I...
### What is the problem? I'm using [iam_policy_no_statements_with_full_access.guard](https://github.com/aws-cloudformation/aws-guard-rules-registry/blob/main/rules/aws/iam/iam_policy_no_statements_with_full_access.guard) to validate my CloudFormation template. I'm trying to suppress the rule for one of my managed policies, but it seems to get...
### What is the problem? The rule https://github.com/aws-cloudformation/aws-guard-rules-registry/blob/main/rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard is overly permissive. Following the main points: - The rule checks only for Effect==Deny and Condition Bool.'aws:SecureTransport' == false. It should also...
### Description Control Tower's [ProActive Controls](https://docs.aws.amazon.com/controltower/latest/userguide/proactive-controls.html) are implemented using cfn-guard and CloudFormation hooks. It would be great if pro-active could also be "while writing templates" ### Use Case Organizations enabling...
### What is the problem? The [rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard](https://github.com/aws-cloudformation/aws-guard-rules-registry/blob/main/rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard) rule only works if there is a bucket policy present. But if I define a bucket with no bucket policy, then the rule...
### What is the problem? False positive 'RDS_STORAGE_ENCRYPTED' when 'AWS::RDS::DBClusterParameterGroup' is defined in template. ### Reproduction Steps 1. Example rules and template that results in the error ``` { "Resources":...
### link to reference doc page https://github.com/aws-cloudformation/aws-guard-rules-registry/blob/main/docs/Using-Guard-Rules-Registry.md ### Describe your issue? Reopen #206 The documentation states that the image is available at `docker pull public.ecr.aws/r7q6h7y6/guard:1.0.1`. But the guard repository does...