diff --git a/guard-examples/encryption/dynamodb-table-sse.guard b/guard-examples/encryption/dynamodb-table-sse.guard index be94b3e04..d0b11dd72 100644 --- a/guard-examples/encryption/dynamodb-table-sse.guard +++ b/guard-examples/encryption/dynamodb-table-sse.guard @@ -1,18 +1,21 @@ -# -# Common rule, all resources must have Tags present on them -# -rule assert_all_resources_have_non_empty_tags { - Resources.*.Properties.Tags !empty -} - # # Select all DDB resources from the incoming template (payload) # let ddb = Resources.*[ Type == 'AWS::DynamoDB::Table' ] +# +# Common rule, DDB table resources must have Tags present on them +# +rule assert_ddb_resources_have_non_empty_tags +{ + # + # Ensure ALL DynamoDB Tables have tags + # + %ddb.Properties.Tags !empty +} # # Run this DDB rule when there are DDB table present and -# we PASSED the check that all resources did have tags in them +# we PASSED the check that DDB table resources did have tags in them # # Rule Intent: ALL DDB Table must have encryption at rest turned # on. @@ -23,7 +26,7 @@ let ddb = Resources.*[ Type == 'AWS::DynamoDB::Table' ] # c) FAIL if wasn't set for them # rule dynamo_db_sse_on when %ddb !empty - assert_all_resources_have_non_empty_tags + assert_ddb_resources_have_non_empty_tags { # # Ensure ALL DynamoDB Tables have encryption at rest turned on diff --git a/guard-examples/infrastructure-related/check-tags-present.guard b/guard-examples/infrastructure-related/check-tags-present.guard index 12b74c260..b6f869fb4 100644 --- a/guard-examples/infrastructure-related/check-tags-present.guard +++ b/guard-examples/infrastructure-related/check-tags-present.guard 
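Review bot: `assert_ddb_resources_have_non_empty_tags` in the first hunk has no guard for templates that contain no DynamoDB tables. With `%ddb` empty, `%ddb.Properties.Tags !empty` has nothing to select and, as far as I can tell from Guard's `empty` semantics, evaluates to FAIL rather than SKIP. Declaring it as `rule assert_ddb_resources_have_non_empty_tags when %ddb !empty` would mirror the condition already used by `dynamo_db_sse_on`. Separately, the second hunk keeps the encryption rule conditional on the tag rule, so a table that is both untagged and unencrypted is reported only as a tag failure while the SSE check is skipped; a comment near the `when` clause such as `# SSE is not evaluated until the tag rule passes` would help whoever triages results. The body of `dynamo_db_sse_on` continues outside the hunk.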
@@ -4,6 +4,543 @@ # let excluded_resources = [ /AWS::AmazonBroker/, + /AMZN::SDC::Deployment/, + /AWS::ACMPCA::Certificate/, + /AWS::ACMPCA::CertificateAuthorityActivation/, + /AWS::ACMPCA::Permission/, + /AWS::ARCZonalShift::AutoshiftObserverNotificationStatus/, + /AWS::ARCZonalShift::ZonalAutoshiftConfiguration/, + /AWS::AmazonMQ::ConfigurationAssociation/, + /AWS::Amplify::Domain/, + /AWS::ApiGateway::Account/, + /AWS::ApiGateway::Authorizer/, + /AWS::ApiGateway::BasePathMapping/, + /AWS::ApiGateway::Deployment/, + /AWS::ApiGateway::DocumentationPart/, + /AWS::ApiGateway::DocumentationVersion/, + /AWS::ApiGateway::GatewayResponse/, + /AWS::ApiGateway::Method/, + /AWS::ApiGateway::Model/, + /AWS::ApiGateway::RequestValidator/, + /AWS::ApiGateway::Resource/, + /AWS::ApiGateway::UsagePlanKey/, + /AWS::ApiGatewayV2::ApiGatewayManagedOverrides/, + /AWS::ApiGatewayV2::ApiMapping/, + /AWS::ApiGatewayV2::Authorizer/, + /AWS::ApiGatewayV2::Deployment/, + /AWS::ApiGatewayV2::Integration/, + /AWS::ApiGatewayV2::IntegrationResponse/, + /AWS::ApiGatewayV2::Model/, + /AWS::ApiGatewayV2::Route/, + /AWS::ApiGatewayV2::RouteResponse/, + /AWS::AppConfig::HostedConfigurationVersion/, + /AWS::AppFlow::Connector/, + /AWS::AppFlow::ConnectorProfile/, + /AWS::AppStream::ApplicationEntitlementAssociation/, + /AWS::AppStream::ApplicationFleetAssociation/, + /AWS::AppStream::DirectoryConfig/, + /AWS::AppStream::Entitlement/, + /AWS::AppStream::StackFleetAssociation/, + /AWS::AppStream::StackUserAssociation/, + /AWS::AppStream::User/, + /AWS::AppSync::ApiCache/, + /AWS::AppSync::ApiKey/, + /AWS::AppSync::DataSource/, + /AWS::AppSync::DomainName/, + /AWS::AppSync::DomainNameApiAssociation/, + /AWS::AppSync::FunctionConfiguration/, + /AWS::AppSync::GraphQLSchema/, + /AWS::AppSync::Resolver/, + /AWS::AppSync::SourceApiAssociation/, + /AWS::ApplicationAutoScaling::ScalableTarget/, + /AWS::ApplicationAutoScaling::ScalingPolicy/, + /AWS::Athena::NamedQuery/, + /AWS::Athena::PreparedStatement/, 
+ /AWS::AutoScaling::LaunchConfiguration/, + /AWS::AutoScaling::LifecycleHook/, + /AWS::AutoScaling::ScalingPolicy/, + /AWS::AutoScaling::ScheduledAction/, + /AWS::AutoScaling::WarmPool/, + /AWS::AutoScalingPlans::ScalingPlan/, + /AWS::Backup::BackupPlan/, + /AWS::Backup::BackupSelection/, + /AWS::Backup::BackupVault/, + /AWS::Backup::Framework/, + /AWS::Backup::ReportPlan/, + /AWS::Backup::RestoreTestingSelection/, + /AWS::Bedrock::DataSource/, + /AWS::Bedrock::FlowVersion/, + /AWS::Bedrock::GuardrailVersion/, + /AWS::Budgets::Budget/, + /AWS::Budgets::BudgetsAction/, + /AWS::CE::AnomalyMonitor/, + /AWS::CE::AnomalySubscription/, + /AWS::CE::CostCategory/, + /AWS::CUR::ReportDefinition/, + /AWS::CertificateManager::Account/, + /AWS::CloudFormation::CustomResource/, + /AWS::CloudFormation::HookDefaultVersion/, + /AWS::CloudFormation::HookTypeConfig/, + /AWS::CloudFormation::HookVersion/, + /AWS::CloudFormation::Macro/, + /AWS::CloudFormation::ModuleDefaultVersion/, + /AWS::CloudFormation::ModuleVersion/, + /AWS::CloudFormation::PublicTypeVersion/, + /AWS::CloudFormation::Publisher/, + /AWS::CloudFormation::ResourceDefaultVersion/, + /AWS::CloudFormation::ResourceVersion/, + /AWS::CloudFormation::TypeActivation/, + /AWS::CloudFormation::WaitCondition/, + /AWS::CloudFormation::WaitConditionHandle/, + /AWS::CloudFront::CachePolicy/, + /AWS::CloudFront::CloudFrontOriginAccessIdentity/, + /AWS::CloudFront::ContinuousDeploymentPolicy/, + /AWS::CloudFront::Function/, + /AWS::CloudFront::KeyGroup/, + /AWS::CloudFront::KeyValueStore/, + /AWS::CloudFront::MonitoringSubscription/, + /AWS::CloudFront::OriginAccessControl/, + /AWS::CloudFront::OriginRequestPolicy/, + /AWS::CloudFront::PublicKey/, + /AWS::CloudFront::RealtimeLogConfig/, + /AWS::CloudFront::ResponseHeadersPolicy/, + /AWS::CloudTrail::ResourcePolicy/, + /AWS::CloudWatch::AnomalyDetector/, + /AWS::CloudWatch::Dashboard/, + /AWS::CodeBuild::SourceCredential/, + /AWS::CodeDeploy::DeploymentConfig/, + 
/AWS::CodePipeline::CustomActionType/, + /AWS::CodePipeline::Webhook/, + /AWS::CodeStar::GitHubRepository/, + /AWS::CodeStarConnections::SyncConfiguration/, + /AWS::Cognito::IdentityPool/, + /AWS::Cognito::IdentityPoolPrincipalTag/, + /AWS::Cognito::IdentityPoolRoleAttachment/, + /AWS::Cognito::LogDeliveryConfiguration/, + /AWS::Cognito::UserPool/, + /AWS::Cognito::UserPoolClient/, + /AWS::Cognito::UserPoolDomain/, + /AWS::Cognito::UserPoolGroup/, + /AWS::Cognito::UserPoolIdentityProvider/, + /AWS::Cognito::UserPoolResourceServer/, + /AWS::Cognito::UserPoolRiskConfigurationAttachment/, + /AWS::Cognito::UserPoolUICustomizationAttachment/, + /AWS::Cognito::UserPoolUser/, + /AWS::Cognito::UserPoolUserToGroupAttachment/, + /AWS::Config::ConfigRule/, + /AWS::Config::ConfigurationRecorder/, + /AWS::Config::ConformancePack/, + /AWS::Config::DeliveryChannel/, + /AWS::Config::OrganizationConfigRule/, + /AWS::Config::OrganizationConformancePack/, + /AWS::Config::RemediationConfiguration/, + /AWS::Connect::ApprovedOrigin/, + /AWS::Connect::InstanceStorageConfig/, + /AWS::Connect::IntegrationAssociation/, + /AWS::Connect::PredefinedAttribute/, + /AWS::Connect::SecurityKey/, + /AWS::Connect::UserHierarchyStructure/, + /AWS::Connect::ViewVersion/, + /AWS::DAX::ParameterGroup/, + /AWS::DAX::SubnetGroup/, + /AWS::DMS::Certificate/, + /AWS::DataPipeline::Pipeline/, + /AWS::DataZone::DataSource/, + /AWS::DataZone::Environment/, + /AWS::DataZone::EnvironmentActions/, + /AWS::DataZone::EnvironmentBlueprintConfiguration/, + /AWS::DataZone::EnvironmentProfile/, + /AWS::DataZone::GroupProfile/, + /AWS::DataZone::Project/, + /AWS::DataZone::ProjectMembership/, + /AWS::DataZone::SubscriptionTarget/, + /AWS::DataZone::UserProfile/, + /AWS::Deadline::MeteredProduct/, + /AWS::Deadline::Monitor/, + /AWS::Deadline::QueueEnvironment/, + /AWS::Deadline::QueueFleetAssociation/, + /AWS::Deadline::StorageProfile/, + /AWS::Detective::MemberInvitation/, + /AWS::Detective::OrganizationAdmin/, + 
/AWS::DevOpsGuru::LogAnomalyDetectionIntegration/, + /AWS::DevOpsGuru::NotificationChannel/, + /AWS::DevOpsGuru::ResourceCollection/, + /AWS::DirectoryService::MicrosoftAD/, + /AWS::DirectoryService::SimpleAD/, + /AWS::DocDB::EventSubscription/, + /AWS::DynamoDB::GlobalTable/, + /AWS::EC2::CapacityReservation/, + /AWS::EC2::CapacityReservationFleet/, + /AWS::EC2::ClientVpnAuthorizationRule/, + /AWS::EC2::ClientVpnEndpoint/, + /AWS::EC2::ClientVpnRoute/, + /AWS::EC2::ClientVpnTargetNetworkAssociation/, + /AWS::EC2::EC2Fleet/, + /AWS::EC2::EIPAssociation/, + /AWS::EC2::EgressOnlyInternetGateway/, + /AWS::EC2::EnclaveCertificateIamRoleAssociation/, + /AWS::EC2::GatewayRouteTableAssociation/, + /AWS::EC2::Host/, + /AWS::EC2::IPAMAllocation/, + /AWS::EC2::IPAMPoolCidr/, + /AWS::EC2::LaunchTemplate/, + /AWS::EC2::LocalGatewayRoute/, + /AWS::EC2::NetworkAclEntry/, + /AWS::EC2::NetworkInterfaceAttachment/, + /AWS::EC2::NetworkInterfacePermission/, + /AWS::EC2::NetworkPerformanceMetricSubscription/, + /AWS::EC2::PlacementGroup/, + /AWS::EC2::Route/, + /AWS::EC2::SecurityGroupEgress/, + /AWS::EC2::SecurityGroupIngress/, + /AWS::EC2::SnapshotBlockPublicAccess/, + /AWS::EC2::SpotFleet/, + /AWS::EC2::SubnetCidrBlock/, + /AWS::EC2::SubnetNetworkAclAssociation/, + /AWS::EC2::SubnetRouteTableAssociation/, + /AWS::EC2::TransitGatewayMulticastDomainAssociation/, + /AWS::EC2::TransitGatewayMulticastGroupMember/, + /AWS::EC2::TransitGatewayMulticastGroupSource/, + /AWS::EC2::TransitGatewayRoute/, + /AWS::EC2::TransitGatewayRouteTableAssociation/, + /AWS::EC2::TransitGatewayRouteTablePropagation/, + /AWS::EC2::VPCCidrBlock/, + /AWS::EC2::VPCDHCPOptionsAssociation/, + /AWS::EC2::VPCEndpoint/, + /AWS::EC2::VPCEndpointConnectionNotification/, + /AWS::EC2::VPCEndpointService/, + /AWS::EC2::VPCEndpointServicePermissions/, + /AWS::EC2::VPCGatewayAttachment/, + /AWS::EC2::VPNConnectionRoute/, + /AWS::EC2::VPNGatewayRoutePropagation/, + /AWS::EC2::VolumeAttachment/, + 
/AWS::ECR::PullThroughCacheRule/, + /AWS::ECR::RegistryPolicy/, + /AWS::ECR::ReplicationConfiguration/, + /AWS::ECR::RepositoryCreationTemplate/, + /AWS::ECS::ClusterCapacityProviderAssociations/, + /AWS::ECS::PrimaryTaskSet/, + /AWS::EFS::AccessPoint/, + /AWS::EFS::FileSystem/, + /AWS::EFS::MountTarget/, + /AWS::EMR::InstanceFleetConfig/, + /AWS::EMR::InstanceGroupConfig/, + /AWS::EMR::SecurityConfiguration/, + /AWS::EMR::Step/, + /AWS::EMR::StudioSessionMapping/, + /AWS::ElastiCache::GlobalReplicationGroup/, + /AWS::ElastiCache::SecurityGroupIngress/, + /AWS::ElasticBeanstalk::Application/, + /AWS::ElasticBeanstalk::ApplicationVersion/, + /AWS::ElasticBeanstalk::ConfigurationTemplate/, + /AWS::ElasticLoadBalancingV2::Listener/, + /AWS::ElasticLoadBalancingV2::ListenerCertificate/, + /AWS::ElasticLoadBalancingV2::ListenerRule/, + /AWS::ElasticLoadBalancingV2::TrustStoreRevocation/, + /AWS::EntityResolution::PolicyStatement/, + /AWS::EventSchemas::RegistryPolicy/, + /AWS::Events::ApiDestination/, + /AWS::Events::Archive/, + /AWS::Events::Connection/, + /AWS::Events::Endpoint/, + /AWS::Events::EventBusPolicy/, + /AWS::Events::Rule/, + /AWS::FIS::TargetAccountConfiguration/, + /AWS::FMS::NotificationChannel/, + /AWS::GameLift::Alias/, + /AWS::GameLift::Build/, + /AWS::GameLift::Fleet/, + /AWS::GlobalAccelerator::EndpointGroup/, + /AWS::GlobalAccelerator::Listener/, + /AWS::Glue::Classifier/, + /AWS::Glue::Connection/, + /AWS::Glue::DataCatalogEncryptionSettings/, + /AWS::Glue::Database/, + /AWS::Glue::Partition/, + /AWS::Glue::SchemaVersion/, + /AWS::Glue::SchemaVersionMetadata/, + /AWS::Glue::SecurityConfiguration/, + /AWS::Glue::Table/, + /AWS::Glue::TableOptimizer/, + /AWS::Grafana::Workspace/, + /AWS::Greengrass::ConnectorDefinitionVersion/, + /AWS::Greengrass::CoreDefinitionVersion/, + /AWS::Greengrass::DeviceDefinitionVersion/, + /AWS::Greengrass::FunctionDefinitionVersion/, + /AWS::Greengrass::GroupVersion/, + /AWS::Greengrass::LoggerDefinitionVersion/, + 
/AWS::Greengrass::ResourceDefinitionVersion/, + /AWS::Greengrass::SubscriptionDefinitionVersion/, + /AWS::GuardDuty::Master/, + /AWS::GuardDuty::Member/, + /AWS::GuardDuty::PublishingDestination/, + /AWS::IAM::AccessKey/, + /AWS::IAM::Group/, + /AWS::IAM::GroupPolicy/, + /AWS::IAM::InstanceProfile/, + /AWS::IAM::ManagedPolicy/, + /AWS::IAM::Policy/, + /AWS::IAM::RolePolicy/, + /AWS::IAM::ServiceLinkedRole/, + /AWS::IAM::UserPolicy/, + /AWS::IAM::UserToGroupAddition/, + /AWS::IdentityStore::Group/, + /AWS::IdentityStore::GroupMembership/, + /AWS::Inspector::AssessmentTarget/, + /AWS::Inspector::AssessmentTemplate/, + /AWS::Inspector::ResourceGroup/, + /AWS::InspectorV2::Filter/, + /AWS::IoT1Click::Device/, + /AWS::IoT1Click::Placement/, + /AWS::IoT1Click::Project/, + /AWS::IoT::AccountAuditConfiguration/, + /AWS::IoT::Certificate/, + /AWS::IoT::Logging/, + /AWS::IoT::Policy/, + /AWS::IoT::PolicyPrincipalAttachment/, + /AWS::IoT::ResourceSpecificLogging/, + /AWS::IoT::Thing/, + /AWS::IoT::ThingPrincipalAttachment/, + /AWS::IoT::TopicRule/, + /AWS::IoT::TopicRuleDestination/, + /AWS::IoTSiteWise::AccessPolicy/, + /AWS::IoTThingsGraph::FlowTemplate/, + /AWS::KMS::Alias/, + /AWS::Kinesis::ResourcePolicy/, + /AWS::Kinesis::StreamConsumer/, + /AWS::KinesisAnalytics::Application/, + /AWS::KinesisAnalytics::ApplicationOutput/, + /AWS::KinesisAnalytics::ApplicationReferenceDataSource/, + /AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption/, + /AWS::KinesisAnalyticsV2::ApplicationOutput/, + /AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource/, + /AWS::LakeFormation::DataCellsFilter/, + /AWS::LakeFormation::DataLakeSettings/, + /AWS::LakeFormation::Permissions/, + /AWS::LakeFormation::PrincipalPermissions/, + /AWS::LakeFormation::Resource/, + /AWS::LakeFormation::Tag/, + /AWS::LakeFormation::TagAssociation/, + /AWS::Lambda::Alias/, + /AWS::Lambda::EventInvokeConfig/, + /AWS::Lambda::EventSourceMapping/, + /AWS::Lambda::LayerVersion/, + 
/AWS::Lambda::LayerVersionPermission/, + /AWS::Lambda::Permission/, + /AWS::Lambda::ResourcePolicy/, + /AWS::Lambda::Url/, + /AWS::Lambda::Version/, + /AWS::Lex::Bot/, + /AWS::Lex::BotAlias/, + /AWS::Lex::BotVersion/, + /AWS::Lex::ResourcePolicy/, + /AWS::LicenseManager::Grant/, + /AWS::LicenseManager::License/, + /AWS::Lightsail::Alarm/, + /AWS::Lightsail::LoadBalancerTlsCertificate/, + /AWS::Lightsail::StaticIp/, + /AWS::Location::TrackerConsumer/, + /AWS::Logs::AccountPolicy/, + /AWS::Logs::Destination/, + /AWS::Logs::LogAnomalyDetector/, + /AWS::Logs::LogStream/, + /AWS::Logs::MetricFilter/, + /AWS::Logs::QueryDefinition/, + /AWS::Logs::ResourcePolicy/, + /AWS::Logs::SubscriptionFilter/, + /AWS::LookoutMetrics::Alert/, + /AWS::LookoutMetrics::AnomalyDetector/, + /AWS::LookoutVision::Project/, + /AWS::MSK::BatchScramSecret/, + /AWS::MSK::ClusterPolicy/, + /AWS::MSK::Configuration/, + /AWS::Macie::Session/, + /AWS::ManagedBlockchain::Member/, + /AWS::ManagedBlockchain::Node/, + /AWS::MediaConnect::Bridge/, + /AWS::MediaConnect::BridgeOutput/, + /AWS::MediaConnect::BridgeSource/, + /AWS::MediaConnect::Flow/, + /AWS::MediaConnect::FlowEntitlement/, + /AWS::MediaConnect::FlowOutput/, + /AWS::MediaConnect::FlowSource/, + /AWS::MediaConnect::FlowVpcInterface/, + /AWS::MediaConnect::Gateway/, + /AWS::MediaLive::Multiplexprogram/, + /AWS::MediaPackageV2::ChannelPolicy/, + /AWS::MediaPackageV2::OriginEndpointPolicy/, + /AWS::MediaTailor::ChannelPolicy/, + /AWS::Neptune::EventSubscription/, + /AWS::NeptuneGraph::PrivateGraphEndpoint/, + /AWS::NetworkFirewall::LoggingConfiguration/, + /AWS::NetworkManager::CustomerGatewayAssociation/, + /AWS::NetworkManager::LinkAssociation/, + /AWS::NetworkManager::TransitGatewayRegistration/, + /AWS::OpenSearchServerless::AccessPolicy/, + /AWS::OpenSearchServerless::LifecyclePolicy/, + /AWS::OpenSearchServerless::SecurityConfig/, + /AWS::OpenSearchServerless::SecurityPolicy/, + /AWS::OpenSearchServerless::VpcEndpoint/, + 
/AWS::OpsWorks::App/, + /AWS::OpsWorks::ElasticLoadBalancerAttachment/, + /AWS::OpsWorks::Instance/, + /AWS::OpsWorks::UserProfile/, + /AWS::OpsWorks::Volume/, + /AWS::Organizations::Organization/, + /AWS::PCAConnectorAD::ServicePrincipalName/, + /AWS::PCAConnectorAD::TemplateGroupAccessControlEntry/, + /AWS::Panorama::PackageVersion/, + /AWS::PaymentCryptography::Alias/, + /AWS::Personalize::Dataset/, + /AWS::Personalize::DatasetGroup/, + /AWS::Personalize::Schema/, + /AWS::Personalize::Solution/, + /AWS::Pinpoint::ADMChannel/, + /AWS::Pinpoint::APNSChannel/, + /AWS::Pinpoint::APNSSandboxChannel/, + /AWS::Pinpoint::APNSVoipChannel/, + /AWS::Pinpoint::APNSVoipSandboxChannel/, + /AWS::Pinpoint::ApplicationSettings/, + /AWS::Pinpoint::BaiduChannel/, + /AWS::Pinpoint::EmailChannel/, + /AWS::Pinpoint::EventStream/, + /AWS::Pinpoint::GCMChannel/, + /AWS::Pinpoint::SMSChannel/, + /AWS::Pinpoint::VoiceChannel/, + /AWS::PinpointEmail::ConfigurationSetEventDestination/, + /AWS::QuickSight::RefreshSchedule/, + /AWS::QuickSight::Topic/, + /AWS::RDS::DBProxyTargetGroup/, + /AWS::RDS::DBSecurityGroupIngress/, + /AWS::Redshift::ClusterSecurityGroupIngress/, + /AWS::Redshift::EndpointAccess/, + /AWS::Redshift::EndpointAuthorization/, + /AWS::Redshift::ScheduledAction/, + /AWS::Rekognition::Project/, + /AWS::ResourceExplorer2::DefaultViewAssociation/, + /AWS::RoboMaker::RobotApplicationVersion/, + /AWS::RoboMaker::SimulationApplicationVersion/, + /AWS::Route53::CidrCollection/, + /AWS::Route53::DNSSEC/, + /AWS::Route53::HealthCheck/, + /AWS::Route53::HostedZone/, + /AWS::Route53::KeySigningKey/, + /AWS::Route53::RecordSet/, + /AWS::Route53::RecordSetGroup/, + /AWS::Route53Profiles::ProfileResourceAssociation/, + /AWS::Route53RecoveryControl::RoutingControl/, + /AWS::Route53Resolver::ResolverConfig/, + /AWS::Route53Resolver::ResolverDNSSECConfig/, + /AWS::Route53Resolver::ResolverQueryLoggingConfig/, + /AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation/, + 
/AWS::Route53Resolver::ResolverRuleAssociation/, + /AWS::S3::AccessPoint/, + /AWS::S3::BucketPolicy/, + /AWS::S3::MultiRegionAccessPoint/, + /AWS::S3::MultiRegionAccessPointPolicy/, + /AWS::S3Express::BucketPolicy/, + /AWS::S3Express::DirectoryBucket/, + /AWS::S3ObjectLambda::AccessPoint/, + /AWS::S3ObjectLambda::AccessPointPolicy/, + /AWS::S3Outposts::AccessPoint/, + /AWS::S3Outposts::BucketPolicy/, + /AWS::S3Outposts::Endpoint/, + /AWS::SDB::Domain/, + /AWS::SES::ConfigurationSet/, + /AWS::SES::ConfigurationSetEventDestination/, + /AWS::SES::DedicatedIpPool/, + /AWS::SES::EmailIdentity/, + /AWS::SES::ReceiptFilter/, + /AWS::SES::ReceiptRule/, + /AWS::SES::ReceiptRuleSet/, + /AWS::SES::Template/, + /AWS::SES::VdmAttributes/, + /AWS::SNS::Subscription/, + /AWS::SNS::TopicInlinePolicy/, + /AWS::SNS::TopicPolicy/, + /AWS::SQS::QueueInlinePolicy/, + /AWS::SQS::QueuePolicy/, + /AWS::SSM::Association/, + /AWS::SSM::MaintenanceWindowTarget/, + /AWS::SSM::MaintenanceWindowTask/, + /AWS::SSM::ResourceDataSync/, + /AWS::SSM::ResourcePolicy/, + /AWS::SSMContacts::Contact/, + /AWS::SSMContacts::ContactChannel/, + /AWS::SSMContacts::Plan/, + /AWS::SSMGuiConnect::Preferences/, + /AWS::SSO::ApplicationAssignment/, + /AWS::SSO::Assignment/, + /AWS::SSO::InstanceAccessControlAttributeConfiguration/, + /AWS::SageMaker::ImageVersion/, + /AWS::SageMaker::NotebookInstanceLifecycleConfig/, + /AWS::Scheduler::Schedule/, + /AWS::SecretsManager::ResourcePolicy/, + /AWS::SecretsManager::RotationSchedule/, + /AWS::SecretsManager::SecretTargetAttachment/, + /AWS::SecurityHub::DelegatedAdmin/, + /AWS::SecurityHub::FindingAggregator/, + /AWS::SecurityHub::Insight/, + /AWS::SecurityHub::OrganizationConfiguration/, + /AWS::SecurityHub::PolicyAssociation/, + /AWS::SecurityHub::ProductSubscription/, + /AWS::SecurityHub::SecurityControl/, + /AWS::SecurityHub::Standard/, + /AWS::SecurityLake::AwsLogSource/, + /AWS::SecurityLake::SubscriberNotification/, + 
/AWS::ServiceCatalog::AcceptedPortfolioShare/, + /AWS::ServiceCatalog::LaunchNotificationConstraint/, + /AWS::ServiceCatalog::LaunchRoleConstraint/, + /AWS::ServiceCatalog::LaunchTemplateConstraint/, + /AWS::ServiceCatalog::PortfolioPrincipalAssociation/, + /AWS::ServiceCatalog::PortfolioProductAssociation/, + /AWS::ServiceCatalog::PortfolioShare/, + /AWS::ServiceCatalog::ResourceUpdateConstraint/, + /AWS::ServiceCatalog::ServiceAction/, + /AWS::ServiceCatalog::ServiceActionAssociation/, + /AWS::ServiceCatalog::StackSetConstraint/, + /AWS::ServiceCatalog::TagOption/, + /AWS::ServiceCatalog::TagOptionAssociation/, + /AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation/, + /AWS::ServiceCatalogAppRegistry::ResourceAssociation/, + /AWS::ServiceDiscovery::Instance/, + /AWS::Shield::DRTAccess/, + /AWS::Shield::ProactiveEngagement/, + /AWS::Signer::ProfilePermission/, + /AWS::SimSpaceWeaver::Simulation/, + /AWS::StepFunctions::StateMachineAlias/, + /AWS::StepFunctions::StateMachineVersion/, + /AWS::SupportApp::AccountAlias/, + /AWS::SupportApp::SlackChannelConfiguration/, + /AWS::SupportApp::SlackWorkspaceConfiguration/, + /AWS::VerifiedPermissions::IdentitySource/, + /AWS::VerifiedPermissions::Policy/, + /AWS::VerifiedPermissions::PolicyStore/, + /AWS::VerifiedPermissions::PolicyTemplate/, + /AWS::VpcLattice::AuthPolicy/, + /AWS::VpcLattice::ResourcePolicy/, + /AWS::WAF::ByteMatchSet/, + /AWS::WAF::IPSet/, + /AWS::WAF::Rule/, + /AWS::WAF::SizeConstraintSet/, + /AWS::WAF::SqlInjectionMatchSet/, + /AWS::WAF::WebACL/, + /AWS::WAF::XssMatchSet/, + /AWS::WAFRegional::ByteMatchSet/, + /AWS::WAFRegional::GeoMatchSet/, + /AWS::WAFRegional::IPSet/, + /AWS::WAFRegional::RateBasedRule/, + /AWS::WAFRegional::RegexPatternSet/, + /AWS::WAFRegional::Rule/, + /AWS::WAFRegional::SizeConstraintSet/, + /AWS::WAFRegional::SqlInjectionMatchSet/, + /AWS::WAFRegional::WebACL/, + /AWS::WAFRegional::WebACLAssociation/, + /AWS::WAFRegional::XssMatchSet/, + 
/AWS::WAFv2::LoggingConfiguration/, + /AWS::WAFv2::WebACLAssociation/, + /AWS::XRay::ResourcePolicy/, + /Alexa::ASK::Skill/, /AWS::App*/ ]
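Review bot: The added entries are unanchored patterns, so if `excluded_resources` is applied as a regular-expression match against `Type` (its use is outside this hunk), an entry exempts every type that contains it. For example `/AWS::EC2::Route/` would also match `AWS::EC2::RouteTable`, and `/AWS::IoT::Thing/` would also match `AWS::IoT::ThingGroup`, both of which accept tags. Anchoring each entry, e.g. `/^AWS::EC2::Route$/`, keeps the exemption to the type named. The unchanged `/AWS::App*/` line already matches anything containing `AWS::Ap` if it is read as a regex, which would make the new `AWS::ApiGateway::*` and `AWS::AppSync::*` entries redundant, so it is worth confirming what that pattern was meant to cover. Since this list switches off a tagging control for several hundred types, a header comment stating how it was derived and how to regenerate it would make later additions reviewable.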