aquasecurity · simar7 · May 16, 2024 · Apr 22, 2024 · Apr 22, 2024 · Apr 22, 2024
@@ -3,7 +3,7 @@ Enable Cloudtrail in all regions
 
 ```yaml---
 Resources:
-  BadExample:
+  GoodExample:
     Type: AWS::CloudTrail::Trail
     Properties:
       IsLogging: true

@@ -3,7 +3,7 @@ Use Customer managed key
 
 ```yaml---
 Resources:
-  BadExample:
+  GoodExample:
     Type: AWS::CloudTrail::Trail
     Properties:
       IsLogging: true

@@ -3,7 +3,7 @@ Turn on log validation for Cloudtrail
 
 ```yaml---
 Resources:
-  BadExample:
+  GoodExample:
     Type: AWS::CloudTrail::Trail
     Properties:
       IsLogging: true

@@ -3,14 +3,14 @@ Enable encryption at rest for DAX Cluster
 
 ```yaml---
 Resources:
-  daxCluster:
+  GoodExample:
     Type: AWS::DAX::Cluster
     Properties:
       ClusterName: "MyDAXCluster"
       NodeType: "dax.r3.large"
       ReplicationFactor: 1
       IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
-      Description: "DAX cluster created with CloudFormation"
+      Description: "DAX cluster with encryption at rest"
       SSESpecification:
         SSEEnabled: true
 

@@ -2,8 +2,6 @@
 Add descriptions for all security groups
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of group description
 Resources:
   GoodSecurityGroup:
     Type: AWS::EC2::SecurityGroup

@@ -2,10 +2,8 @@
 Set a more restrictive cidr range
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of ingress rule
 Resources:
-  BadSecurityGroup:
+  GoodSecurityGroup:
     Type: AWS::EC2::SecurityGroup
     Properties:
       GroupDescription: Limits security group egress traffic

@@ -2,8 +2,6 @@
 Add descriptions for all security groups rules
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of SGR description
 Resources:
   GoodSecurityGroup:
     Type: AWS::EC2::SecurityGroup

@@ -2,8 +2,6 @@
 Specify the exact permissions required, and to which resources they should apply instead of using wildcards.
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of policy
 Resources:
   GoodPolicy:
     Type: 'AWS::IAM::Policy'

@@ -3,7 +3,7 @@ Enable tracing
 
 ```yaml---
 Resources:
-  Function:
+  GoodExample:
     Type: AWS::Lambda::Function
     Properties:
       Handler: index.handler

@@ -28,7 +28,6 @@ Resources:
       Action: lambda:InvokeFunction
       Principal: s3.amazonaws.com
       SourceArn: "lambda.amazonaws.com"
-
 
 ```
 

@@ -2,16 +2,13 @@
 Enable audit logging
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Broker:
+  GoodBroker:
     Type: AWS::AmazonMQ::Broker
     Properties:
       Logs:
         Audit: true
 
-
 ```
 
 
@@ -2,16 +2,13 @@
 Enable general logging
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Broker:
+  GoodBroker:
     Type: AWS::AmazonMQ::Broker
     Properties:
       Logs:
         General: true
 
-
 ```
 
 
@@ -2,15 +2,12 @@
 Disable public access when not required
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Broker:
+  GoodBroker:
     Type: AWS::AmazonMQ::Broker
     Properties:
       PubliclyAccessible: false
 
-
 ```
 
 
@@ -2,10 +2,8 @@
 Enable in transit encryption
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Cluster:
+  GoodCluster:
     Type: AWS::MSK::Cluster
     Properties:
       EncryptionInfo:

@@ -2,10 +2,8 @@
 Enable logging
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Cluster:
+  GoodCluster:
     Type: AWS::MSK::Cluster
     Properties:
       LoggingInfo:

@@ -2,10 +2,8 @@
 Enable at rest encryption
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Cluster:
+  GoodCluster:
     Type: AWS::MSK::Cluster
     Properties:
       EncryptionInfo:

@@ -2,17 +2,13 @@
 Enable export logs
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Cluster:
+  GoodCluster:
     Type: AWS::Neptune::DBCluster
     Properties:
       EnableCloudwatchLogsExports:
         - audit
 
-
-
 ```
 
 
@@ -2,16 +2,13 @@
 Enable encryption of Neptune storage
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Cluster:
+  GoodCluster:
     Type: AWS::Neptune::DBCluster
     Properties:
       StorageEncrypted: true
       KmsKeyId: "something"
 
-
 ```
 
 
@@ -2,16 +2,13 @@
 Enable encryption using customer managed keys
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Cluster:
+  GoodCluster:
     Type: AWS::Neptune::DBCluster
     Properties:
       StorageEncrypted: true
       KmsKeyId: "something"
 
-
 ```
 
 
@@ -2,15 +2,12 @@
 Explicitly set the retention period to greater than the default
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Queue:
+  GoodExample:
     Type: AWS::RDS::DBInstance
     Properties:
       BackupRetentionPeriod: 30
 
-
 ```
 
 
@@ -2,16 +2,13 @@
 Use Customer Managed Keys to encrypt Performance Insights data
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Queue:
+  GoodExample:
     Type: AWS::RDS::DBInstance
     Properties:
       EnablePerformanceInsights: true
       PerformanceInsightsKMSKeyId: "something"
 
-
 ```
 
 
@@ -2,16 +2,13 @@
 Enable encryption for RDS clusters
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of rds sgr
 Resources:
-  Cluster:
+  GoodExample:
     Type: AWS::RDS::DBCluster
     Properties:
       StorageEncrypted: true
       KmsKeyId: "something"
 
-
 ```
 
 
@@ -2,10 +2,8 @@
 Enable encryption for RDS instances
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of rds sgr
 Resources:
-  Instance:
+  GoodExample:
     Type: AWS::RDS::DBInstance
     Properties:
       StorageEncrypted: true

@@ -2,10 +2,8 @@
 Enable performance insights
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Queue:
+  GoodExample:
     Type: AWS::RDS::DBInstance
     Properties:
       EnablePerformanceInsights: true

@@ -2,15 +2,12 @@
 Remove the public endpoint from the RDS instance.
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example
 Resources:
-  Queue:
+  GoodExample:
     Type: AWS::RDS::DBInstance
     Properties:
       PubliclyAccessible: false
 
-
 ```
 
 
@@ -2,15 +2,12 @@
 Add descriptions for all security groups and rules
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of redshift sgr
 Resources:
-  Queue:
+  GoodExample:
     Type: AWS::Redshift::ClusterSecurityGroup
     Properties:
       Description: "Disallow bad stuff"
 
-
 ```
 
 
@@ -2,16 +2,13 @@
 Enable encryption using CMK
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of redshift cluster
 Resources:
-  Queue:
+  GoodExample:
     Type: AWS::Redshift::Cluster
     Properties:
       Encrypted: true
       KmsKeyId: "something"
 
-
 ```
 
 
@@ -2,15 +2,12 @@
 Deploy Redshift cluster into a non default VPC
 
 ```yaml---
-AWSTemplateFormatVersion: 2010-09-09
-Description: Good example of redshift cluster
 Resources:
-  Queue:
+  GoodCluster:
     Type: AWS::Redshift::Cluster
     Properties:
       ClusterSubnetGroupName: "my-subnet-group"
 
-
 ```
-Original file line number
+Diff line change
@@ Expand Up / @@ -28,7 +28,6 @@ Resources: @@
           Action: lambda:InvokeFunction
           Principal: s3.amazonaws.com
           SourceArn: "lambda.amazonaws.com"
     ```
@@ Expand Down @@