Jon Beilke
In order to meet the AWS Foundational Security Best Practices we need to have a WAF ACL on our API Gateway stages, but Chalice does not currently support this AFAICT....
Attempting to enhance some of the features/functionality of Chalice with Terraform during our deploys, but we're limited because Chalice does not expose the API Gateway stage (i.e. for associating a...
### Describe the feature
AWS now supports marking AMIs for deprecation, and it would be helpful if we could do this with Cloud Custodian to automatically deprecate outdated and unused...
API Gateway supports adding a WAF to API stages in order to control access to the API, but moto is missing support for the webAclArn parameter in the API Gateway...
**Describe the bug**
Inspec failure on Ubuntu 20.04 systems due to APT overriding permissions on `/var/log/apt` files and CIS 4.2.3:
```
ubuntu2004-ami: × cis-dil-benchmark-4.2.3: Ensure permissions on all logfiles are...
```
Certain CIS criteria note that file permissions should be "### or more restrictive", but the InSpec controls only support the listed mode, for example: - CIS 6.1.3 "verify Access is...
The regex used in the PAM controls works well with simple PAM syntax like so: `password sufficient pam_unix.so sha512` But fails with the more complicated bracket syntax: `password [success=1 default=ignore]...
**Describe the Issue** The tasks for CIS 5.5.4 are inconsistent (some use `lineinfile` and some use `replace` which results in some files not having the proper umask added if a...
When managing multiple AWS accounts it would be really helpful to be able to use Inspec to verify the limits/quotas in place via the new Service Quotas API: https://aws.amazon.com/blogs/mt/introducing-service-quotas-view-and-manage-your-quotas-for-aws-services-from-one-central-location/ ##...