[Snyk] Upgrade async from 2.6.4 to 3.2.6

[gitworkflows]

Snyk has created this PR to upgrade async from 2.6.4 to 3.2.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 12 versions ahead of your current version.

• The recommended version was released on 4 months ago.

Release notes

Package name: async

• 3.2.6 - 2024-08-19
  

  Version 3.2.6

• 3.2.5 - 2023-11-03
  

  Version 3.2.5

• 3.2.4 - 2022-06-07
  

  Version 3.2.4

• 3.2.3 - 2022-01-10
  

  Version 3.2.3

• 3.2.2 - 2021-10-28
  

  Version 3.2.2

• 3.2.1 - 2021-08-05
  

  Version 3.2.1

• 3.2.0 - 2020-02-24
  

  Version 3.2.0

• 3.1.1 - 2020-01-24
  

  Version 3.1.1

• 3.1.0 - 2019-06-23
• 3.0.1 - 2019-05-26
• 3.0.1-0 - 2018-10-01
• 3.0.0 - 2019-05-20
• 2.6.4 - 2022-04-13
  

  Version 2.6.4

from async GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Build:

• Upgrade the 'async' package from version 2.6.4 to 3.2.6 in package.json.

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sourcery-ai]

Reviewer's Guide by Sourcery

This PR upgrades the async package from version 2.6.4 to 3.2.6 in the project's dependencies. This is a major version upgrade that spans 12 versions and may introduce breaking changes.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change	Details	Files
Updated dependency version in package.json	Upgraded async package from ^2.6.1 to ^3.2.6 Major version bump from 2.x to 3.x indicates potential breaking changes	package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[gitworkflows]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codiumai-pr-agent-free]

CI Failure Feedback 🧐

(Checks updated until commit b8a8c70)

Action: build

Failed stage: NPM Test [❌]

Failure summary: The action failed due to multiple tests failing. Specifically: The test openCIFS failed because the security group has the CIFS UDP port open to the public. The test openCustomPorts failed because the security group has open ports. The test openDNS failed because the security group has DNS TCP or UDP port open to the public. The test openDocker failed because the security group has Docker TCP port open to the public. The test openElasticsearch failed because the security group has Elasticsearch TCP port open to the public. The test openFTP failed because the security group has FTP TCP port open to the public. The test openHadoopNameNode failed because the security group has HDFSNameNodeMetadataService TCP port open to the public. The test openHadoopNameNodeWebUI failed because the security group has NameNodeWebUI TCP port open to the public. The test openHTTP failed because the security group has HTTP TCP port open to the public. The test openHTTPS failed because the security group has HTTPS TCP port open to the public. The test openInternalWeb failed because the security group has Internal Web TCP port open to the public. The test openKibana failed because the security group has Kibana TCP port open to the public. The test openLDAP failed because the security group has LDAP TCP port open to the public. The test openLDAPS failed because the security group has LDAP SSL TCP port open to the public.

Relevant error logs: 1: ##[group]Operating System 2: Ubuntu ... 654: (Use `node --trace-warnings ...` to show where the warning was created) 655: engine 656: INFO: Determining API calls to make... 657: INFO: Found 350 API calls to make for aws plugins 658: INFO: Collecting metadata. This may take several minutes... 659: ✔ should run with no arguments (64ms) 660: exports 661: ✔ should use the proper format for each test (231ms) 662: [INFO][REGIONS] Could not load all regions from EC2: {"message":"Missing region in config","code":"ConfigError","time":"2024-12-09T06:12:31.704Z"} ... 671: ✔ should NOT traverse objects without allKeys option 672: ✔ should NOT travers objects in standard keywords which value is not a schema 673: pre and post 674: ✔ should traverse schema in pre-order 675: ✔ should traverse schema in post-order 676: ✔ should traverse schema in pre- and post-order at the same time 677: ackPrivateClusterEnabled 678: run 679: ✔ should FAIL if Cluster does not have Private Cluster enabled 680: ✔ should PASS if Cluster have Private Cluster enabled 681: ✔ should PASS if No ACK clusters found 682: ✔ should UNKNOWN if unable to query ACK clusters 683: ✔ should UNKNOWN if unable no Master_url is found for ACK clusters 684: cloudMonitorEnabled 685: run 686: ✔ should FAIL if Cluster does not have Cloud Monitor Enabled 687: ✔ should PASS if Cluster has Cloud Monitor enabled 688: ✔ should PASS if No ACK clusters found 689: ✔ should UNKNOWN if unable to query ACK clusters 690: logServiceEnabled 691: run 692: ✔ should FAIL if Cluster does not have Log Service enabled 693: ✔ should PASS if Cluster has Log Service enabled 694: ✔ should PASS if No ACK clusters found 695: ✔ should UNKNOWN if unable to query ACK clusters 696: ENImultipleIPmode 697: run 698: ✔ should FAIL if Cluster does not have NetworkPolicy Terway enabled 699: ✔ should PASS if Cluster has NetworkPolicy Terway enabled 700: ✔ should PASS if No ACK clusters found 701: ✔ should UNKNOWN if unable to query ACK clusters 702: networkPolicyEnabled 703: run 704: ✔ should FAIL if Cluster does not have NetworkPolicy enabled 705: ✔ should PASS if Cluster has NetworkPolicy enabled 706: ✔ should PASS if No ACK clusters found 707: ✔ should UNKNOWN if unable to query ACK clusters 708: webDashboardDisabled 709: run 710: ✔ should FAIL if Cluster has web dashboard enabled 711: ✔ should PASS if Cluster does not have web dashboard enabled 712: ✔ should PASS if No ACK clusters found 713: ✔ should UNKNOWN if unable to query ACK clusters 714: actiontrailBucketPrivate 715: run 716: ✔ should FAIL if ActionTrail trail Bucket ACL allows public access 717: ✔ should PASS if ActionTrail trail Bucket ACL allows private access 718: ✔ should PASS if no ActionTrail trail found 719: ✔ should PASS if no ActionTrail trail with OSS bucket destination found 720: ✔ should UNKNOWN if unable to query ActionTrail trails 721: ✔ should UNKNOWN if unable to query OSS bucket info 722: actiontrailGlobalExportLogs 723: run 724: ✔ should FAIL if ActionTrail does not have global trail to log all events 725: ✔ should FAIL if ActionTrail has global trail to log all events but does not export logs to OSS bucket 726: ✔ should PASS if ActionTrail has global trails to log all events 727: ✔ should UNKNOWN if unable to query ActionTrail trails 728: apiGroupTlsVersion 729: run 730: ✔ should PASS if API has latest TLS version 731: ✔ should FAIL if API does not have latest TLS version 732: ✔ should FAIL if API response does not have HttpsPolicy 733: ✔ should PASS if no api groups found 734: ✔ should UNKNOWN if unable to describe API groups 735: ✔ should not return anything if response not received 736: apiProtocol 737: run 738: ✔ should PASS if API has HTTPS protocol configured 739: ✔ should FAIL if API does not HTTPS protocol configured 740: ✔ should FAIL if API response does not have RequestConfig property 741: ✔ should PASS if no APIs are found 742: ✔ should UNKNOWN if unable to describe APIs 743: ✔ should not return anything if response not received 744: dataDisksEncrypted 745: run 746: ✔ should FAIL if disk is not encrypted 747: ✔ should FAIL if Data disk is not encrypted to target encryption level 748: ✔ should PASS if data disks are encrypted 749: ✔ should PASS if no ECS disks found 750: ✔ should UNKNOWN if unable to query ECS disks 751: openAllPortsProtocols 752: run 753: ✔ should PASS if no public open ports found 754: ✔ should FAIL if security group has all ports and protocols open to public 755: ✔ should PASS if no security groups found 756: ✔ should UNKNWON unable to describe security groups 757: openCIFS 758: run 759: ✔ should PASS if no public open ports found 760: ✔ should FAIL if security group has CIFS UDP 445 port open to public 761: ✔ should PASS if no security groups found 762: ✔ should UNKNWON unable to describe security groups 763: openCustomPorts 764: run 765: ✔ should PASS if no public open ports found 766: ✔ should FAIL if security group has custom ports open to public 767: ✔ should PASS if no security groups found 768: ✔ should UNKNWON unable to describe security groups 769: openDNS 770: run 771: ✔ should PASS if no public open ports found 772: ✔ should FAIL if security group has RDP TCP 53 port open to public 773: ✔ should PASS if no security groups found 774: ✔ should UNKNWON unable to describe security groups 775: openDocker 776: run 777: ✔ should PASS if no public open ports found 778: ✔ should FAIL if security group has Docker TCP 2375 port open to public 779: ✔ should PASS if no security groups found 780: ✔ should UNKNWON unable to describe security groups 781: openElasticsearch 782: run 783: ✔ should PASS if no public open ports found 784: ✔ should FAIL if security group has Elasticsearch TCP 9200 port open to public 785: ✔ should PASS if no security groups found 786: ✔ should UNKNWON unable to describe security groups 787: openFTP 788: run 789: ✔ should PASS if no public open ports found 790: ✔ should FAIL if security group has FTP TCP 20 port open to public 791: ✔ should PASS if no security groups found 792: ✔ should UNKNWON unable to describe security groups 793: openHadoopNameNode 794: run 795: ✔ should PASS if no public open ports found 796: ✔ should FAIL if security group has HDFSNameNodeMetadataService TCP 8020 port open to public 797: ✔ should PASS if no security groups found 798: ✔ should UNKNWON unable to describe security groups 799: openHadoopNameNodeWebUI 800: run 801: ✔ should PASS if no public open ports found 802: ✔ should FAIL if security group has NameNodeWebUI TCP 50070 port open to public 803: ✔ should PASS if no security groups found 804: ✔ should UNKNWON unable to describe security groups 805: openKibana 806: run 807: ✔ should PASS if no public open ports found 808: ✔ should FAIL if security group has Kibana TCP 5601 port open to public 809: ✔ should PASS if no security groups found 810: ✔ should UNKNWON unable to describe security groups 811: openMySQL 812: run 813: ✔ should PASS if no public open ports found 814: ✔ should FAIL if security group has MySQL TCP 3306 port open to public 815: ✔ should PASS if no security groups found 816: ✔ should UNKNWON unable to describe security groups 817: openNetBIOS 818: run 819: ✔ should PASS if no public open ports found 820: ✔ should FAIL if security group has NetBIOS UDP 137 port open to public 821: ✔ should PASS if no security groups found 822: ✔ should UNKNWON unable to describe security groups 823: openOracle 824: run 825: ✔ should PASS if no public open ports found 826: ✔ should FAIL if security group has Oracle TCP 1521 port open to public 827: ✔ should PASS if no security groups found 828: ✔ should UNKNWON unable to describe security groups 829: openOracleAutoDataWarehouse 830: run 831: ✔ should PASS if no public open ports found 832: ✔ should FAIL if security group has Oracle Auto Data Warehouse TCP 1522 port open to public 833: ✔ should PASS if no security groups found 834: ✔ should UNKNWON unable to describe security groups 835: openPostgreSQL 836: run 837: ✔ should PASS if no public open ports found 838: ✔ should FAIL if security group has PostgreSQL TCP 5432 port open to public 839: ✔ should PASS if no security groups found 840: ✔ should UNKNWON unable to describe security groups 841: openRDP 842: run 843: ✔ should PASS if no public open ports found 844: ✔ should FAIL if security group has RDP TCP 3389 port open to public 845: ✔ should PASS if no security groups found 846: ✔ should UNKNWON unable to describe security groups 847: openSalt 848: run 849: ✔ should PASS if no public open ports found 850: ✔ should FAIL if security group has Salt TCP 4505 port open to public 851: ✔ should PASS if no security groups found 852: ✔ should UNKNWON unable to describe security groups 853: openSMBoTCP 854: run 855: ✔ should PASS if no public open ports found 856: ✔ should FAIL if security group has SMBoTCP TCP 445 port open to public 857: ✔ should PASS if no security groups found 858: ✔ should UNKNWON unable to describe security groups 859: openSMTP 860: run 861: ✔ should PASS if no public open ports found 862: ✔ should FAIL if security group has SMTP TCP 25 port open to public 863: ✔ should PASS if no security groups found 864: ✔ should UNKNWON unable to describe security groups 865: openSQLServer 866: run 867: ✔ should PASS if no public open ports found 868: ✔ should FAIL if security group has SQL Server TCP 1433 port open to public 869: ✔ should PASS if no security groups found 870: ✔ should UNKNWON unable to describe security groups 871: openSSH 872: run 873: ✔ should PASS if no public open ports found 874: ✔ should FAIL if security group has SSH TCP 22 port open to public 875: ✔ should PASS if no security groups found 876: ✔ should UNKNWON unable to describe security groups 877: openTelnet 878: run 879: ✔ should PASS if no public open ports found 880: ✔ should FAIL if security group has Telnet TCP 23 port open to public 881: ✔ should PASS if no security groups found 882: ✔ should UNKNWON unable to describe security groups 883: openVNCClient 884: run 885: ✔ should PASS if no public open ports found 886: ✔ should FAIL if security group has VNC Client TCP 5500 port open to public 887: ✔ should PASS if no security groups found 888: ✔ should UNKNWON unable to describe security groups 889: openVNCServer 890: run 891: ✔ should PASS if no public open ports found 892: ✔ should FAIL if security group has VNC Server TCP 5900 port open to public 893: ✔ should PASS if no security groups found 894: ✔ should UNKNWON unable to describe security groups 895: systemDisksEncrypted 896: run 897: ✔ should PASS if System disks are encrypted 898: ✔ should PASS if System disks are encrypted to target encryption level 899: ✔ should FAIL if disk is not encrypted 900: ✔ should FAIL if System disk is not encrypted to target encryption level 901: ✔ should PASS if no ECS disks found 902: ✔ should UNKNOWN if unable to query ECS disks 903: bucketCmkEncrypted 904: run 905: ✔ should FAIL if OSS bucket is not encrypted to required encryption level 906: ✔ should FAIL if OSS bucket is not encrypted 907: ✔ should PASS if OSS bucket is encrypted to required encryption level 908: ✔ should PASS if no OSS buckets found 909: ✔ should UNKNOWN if unable to query for OSS buckets 910: ✔ should UNKNOWN if unable to query OSS bucket info 911: bucketCrossRegionReplication 912: run 913: ✔ should FAIL if bucket does not have cross region replication enabled 914: ✔ should FAIL if bucket info does not have cross region replication property 915: ✔ should PASS if bucket has cross region replication enabled 916: ✔ should PASS if no OSS buckets found 917: ✔ should UNKNOWN if unable to query for OSS buckets 918: ✔ should UNKNOWN if unable to query OSS bucket info 919: bucketLoggingEnabled 920: run 921: ✔ should FAIL if bucket does not have logging enabled 922: ✔ should PASS if bucket has logging enabled 923: ✔ should PASS if no OSS buckets found 924: ✔ should UNKNOWN if unable to query for OSS buckets 925: ✔ should UNKNOWN if unable to query OSS bucket info 926: bucketRequestPayment 927: run 928: ✔ should FAIL if bucket does not have pay per requester enabled 929: ✔ should FAIL if payer property is not returned 930: ✔ should PASS if bucket has pay per requester enabled 931: ✔ should PASS if no OSS buckets found 932: ✔ should UNKNOWN if unable to query for OSS buckets 933: ✔ should UNKNOWN if unable to query OSS bucket info 934: ossBucketIpRestriction 935: run 936: ✔ should PASS if OSS bucket has IP restrictions configured 937: ✔ should FAIL if OSS bucket does not have IP restrictions configured 938: ✔ should FAIL if no OSS bucket policy found 939: ✔ should PASS if no OSS buckets found 940: ✔ should UNKNOWN if unable to query for OSS buckets 941: ✔ should UNKNOWN if unable to query OSS bucket policy 942: bucketLifecycle 943: run 944: ✔ should FAIL if bucket does not have lifecycle policies 945: ✔ should PASS if bucket has lifecycle policies enabled 946: ✔ should PASS if bucket has lifecycle policies disabled 947: ✔ should PASS if no OSS buckets found 948: ✔ should UNKNOWN if unable to query for OSS buckets 949: ✔ should UNKNOWN if Unable to query OSS bucket lifecycle policy info 950: ossBucketPrivate 951: run 952: ✔ should FAIL if bucket ACL allows public-read-write access 953: ✔ should PASS if bucket ACL allows private access 954: ✔ should PASS if no OSS buckets found 955: ✔ should UNKNOWN if unable to query for OSS buckets 956: ✔ should UNKNOWN if unable to query OSS bucket info 957: ossBucketSecureTransport 958: run 959: ✔ should PASS if OSS bucket has secure transport enabled 960: ✔ should FAIL if OSS bucket does not have secure transport enabled 961: ✔ should FAIL if no OSS bucket policy found 962: ✔ should PASS if no OSS buckets found 963: ✔ should UNKNOWN if unable to query for OSS buckets 964: ✔ should UNKNOWN if unable to query OSS bucket policy 965: bucketTransferAcceleration 966: run 967: ✔ should FAIL if bucket does not have transfer acceleration enabled 968: ✔ should FAIL if bucket info does not have transfer acceleration property 969: ✔ should PASS if bucket has transfer acceleration enabled 970: ✔ should PASS if no OSS buckets found 971: ✔ should UNKNOWN if unable to query for OSS buckets 972: ✔ should UNKNOWN if unable to query OSS bucket info 973: ossBucketVersioning 974: run 975: ✔ should FAIL if bucket versioning is not enabled 976: ✔ should PASS if bucket versioning is enabled 977: ✔ should PASS if no OSS buckets found 978: ✔ should UNKNOWN if unable to query for OSS buckets 979: ✔ should UNKNOWN if unable to query OSS bucket info 980: accessKeysRotation 981: run 982: ✔ should FAIL if RAM user access keys are not rotated every 90 days or less 983: ✔ should PASS if RAM user access keys are not rotated every 90 days or less 984: ✔ should PASS if RAM user does not have any access keys 985: ✔ should PASS if No RAM users found 986: ✔ should UNKNOWN if unable to query user access keys 987: ✔ should UNKNOWN if unable to query RAM users 988: inactiveUserDisabled 989: run 990: ✔ should FAIL if RAM user is enabled on being inactive for 90 or more days 991: ✔ should PASS if RAM user is disabled on being inactive for 90 or more days 992: ✔ should PASS if RAM user last activity was before 90 days 993: ✔ should PASS if No RAM users found 994: ✔ should UNKNOWN if Unable to query login profile 995: ✔ should UNKNOWN if Unable to query RAM users 996: passwordBlockLogon 997: run 998: ✔ should FAIL if RAM password security policy does not require logon to be blocked after 5 attempts 999: ✔ should PASS if RAM password security policy requires logon to be blocked after 5 attempts 1000: ✔ should UNKNOWN if unable to query RAM password policy 1001: passwordExpiry 1002: run 1003: ✔ should FAIL if RAM password security policy does not require password to be expired after 90 days 1004: ✔ should PASS if RAM password security policy requires password to be expired after set days 1005: ✔ should UNKNOWN if unable to query RAM password policy 1006: passwordMinLength 1007: run 1008: ✔ should FAIL if RAM password security policy does not require minimum length of 14 or greater 1009: ✔ should PASS if RAM password security policy require minimum length of 14 or greater 1010: ✔ should UNKNOWN if unable to query RAM password policy 1011: passwordNoReuse 1012: run 1013: ✔ should FAIL if RAM password security policy does not requires to prevent reusing 5 previous passwords 1014: ✔ should PASS if RAM password security policy requires to prevent reusing 5 previous passwords 1015: ✔ should UNKNOWN if unable to query RAM password policy 1016: passwordRequiresLowercase 1017: run 1018: ✔ should FAIL if RAM password security policy does not require lowercase characters 1019: ✔ should PASS if RAM password security policy requires lowercase characters 1020: ✔ should UNKNOWN if unable to query RAM password policy 1021: passwordRequiresNumbers 1022: run 1023: ✔ should FAIL if RAM password security policy does not require numbers 1024: ✔ should PASS if RAM password security policy requires numbers 1025: ✔ should UNKNOWN if unable to query RAM password policy 1026: passwordRequiresSymbols 1027: run 1028: ✔ should FAIL if RAM password security policy does not require symbols 1029: ✔ should PASS if RAM password security policy requires symbols 1030: ✔ should UNKNOWN if unable to query RAM password policy 1031: passwordRequiresUppercase 1032: run 1033: ✔ should FAIL if RAM password security policy does not require uppercase characters 1034: ✔ should PASS if RAM password security policy requires uppercase characters 1035: ✔ should UNKNOWN if unable to query RAM password policy 1036: ramAdminPolicy 1037: run 1038: ✔ should FAIL if Policy provides admin (*:*) access and attachment count is greater than 0 1039: ✔ should PASS if Policy provides admin (*:*) access but attachment count is 0 1040: ✔ should PASS if Policy does not provide admin (*:*) access 1041: ✔ should PASS if No RAM policies found 1042: ✔ should UNKNOWN if Unable to query RAM policies 1043: ✔ should UNKNOWN if Unable to get RAM policy 1044: ramPolicyAttachments 1045: run 1046: ✔ should FAIL if User has policies attached 1047: ✔ should PASS if no policies are attached to user 1048: ✔ should PASS if No RAM users found 1049: ✔ should UNKNOWN if Unable to query RAM users 1050: usersMfaEnabled 1051: run 1052: ✔ should FAIL if RAM user does not have MFA device configured 1053: ✔ should PASS if RAM user has MFA device configured 1054: ✔ should PASS if No RAM users found 1055: ✔ should UNKNOWN if Unable to query RAM users 1056: rdsAuditingEnabled 1057: run 1058: ✔ should FAIL if RDS DB instance does not have sql auditing enabled 1059: ✔ should PASS if RDS DB instance have sql auditing enabled 1060: ✔ should PASS if no RDS DB instances found 1061: ✔ should UNKNOWN if unable to query RDS DB instances 1062: ✔ should UNKNOWN if unable to query DB sql auditing policy 1063: rdsLogConnectionEnabled 1064: run 1065: ✔ should FAIL if RDS DB instance does not have log_connections parameter enabled 1066: ✔ should PASS if RDS DB instance has log_connections parameter enabled 1067: ✔ should PASS if no RDS DB instances found 1068: ✔ should UNKNOWN if unable to query RDS DB instances 1069: ✔ should UNKNOWN if unable to query DB parameters 1070: rdsLogDisconnectionsEnabled 1071: run 1072: ✔ should FAIL if RDS DB instance does not have log_disconnections parameter enabled 1073: ✔ should PASS if RDS DB instance has log_disconnections parameter enabled 1074: ✔ should PASS if no RDS DB instances found 1075: ✔ should UNKNOWN if unable to query RDS DB instances 1076: ✔ should UNKNOWN if unable to query DB parameters 1077: rdsLogDuration 1078: run 1079: ✔ should FAIL if RDS DB instance does not have log_duration parameter enabled 1080: ✔ should PASS if RDS DB instance has log_duration parameter enabled 1081: ✔ should PASS if no RDS DB instances found 1082: ✔ should UNKNOWN if unable to query RDS DB instances 1083: ✔ should UNKNOWN if unable to query DB parameters 1084: rdsPublicAccess 1085: run 1086: ✔ should FAIL if RDS DB instance is publicly accessible 1087: ✔ should PASS if RDS DB instance is not publicly accessible 1088: ✔ should PASS if no RDS DB instances found 1089: ✔ should UNKNOWN if unable to query RDS DB instances 1090: ✔ should UNKNOWN if Unable to query DB IP Array List 1091: rdsSqlAuditRetentionPeriod 1092: run 1093: ✔ should FAIL if RDS DB instance does not have sql audit log retention greater than 180 days 1094: ✔ should FAIL if RDS DB instance does not have sql audit log retention greater than set days limit 1095: ✔ should PASS if RDS DB instance have sql audit log retention greater than 180 days 1096: ✔ should PASS if RDS DB instance have sql audit log retention greater than set days limit 1097: ✔ should PASS if no RDS DB instances found 1098: ✔ should UNKNOWN if unable to query RDS DB instances 1099: ✔ should UNKNOWN if unable to query DB sql audit log retention 1100: rdsSslEncryptionEnabled 1101: run 1102: ✔ should FAIL if RDS instance does not have SSL encryption enabled 1103: ✔ should PASS if RDS instance has SSL encryption enabled 1104: ✔ should PASS if no RDS DB instances found 1105: ✔ should UNKNOWN if unable to query RDS DB instances 1106: ✔ should UNKNOWN if unable to query RDS instance SSL info 1107: rdsTdeEnabled 1108: run 1109: ✔ should FAIL if RDS DB instance does not have TDE enabled 1110: ✔ should PASS if RDS DB instance have TDE enabled 1111: ✔ should PASS if RDS DB instance have engine type other MySQL 5.6 and SQL Server Enterprise Edition 1112: ✔ should PASS if no RDS DB instances found 1113: ✔ should UNKNOWN if unable to query RDS DB instances 1114: ✔ should UNKNOWN if unable to query RDS DB instance TDE 1115: securityAgentInstalled 1116: run 1117: ✔ should FAIL if there are unprotected assets 1118: ✔ should PASS if there are no unprotected assets 1119: ✔ should UNKNOWN if Unable to query TDS field statistics 1120: securityCenterEdition 1121: run 1122: ✔ should FAIL if Security Center edition is Basic or Anti-virus 1123: ✔ should PASS if Security Center edition is Advanced or plus 1124: ✔ should UNKNOWN if Unable to query Security Center version config 1125: securityNotificationsEnabled 1126: run 1127: ✔ should FAIL if security notifications are not enabled 1128: ✔ should PASS if security notifications are enabled for all alerts 1129: ✔ should PASS if no TDS notice config found 1130: ✔ should UNKNOWN if Unable to query TDS notice config 1131: vulnerabilityScanEnabled 1132: run 1133: ✔ should FAIL if Vulnerability scan is not enabled on all servers 1134: ✔ should PASS if Vulnerability scan is enabled on all servers 1135: ✔ should PASS if no vulnerabity config found 1136: ✔ should UNKNOWN if Unable to query 1137: accessAnalyzerActiveFindings 1138: run 1139: ✔ should FAIL if Amazon IAM access analyzer has active findings. 1140: ✔ should PASS if Amazon IAM access analyzer have no active findings. 1141: ✔ should PASS if no analyzers found 1142: ✔ should UNKNOWN if Unable to query for IAM access analyzers 1143: accessAnalyzerEnabled 1144: run 1145: ✔ should PASS if Access Analyzer is enabled 1146: ✔ should FAIL if Access Analyzer is not enabled 1147: ✔ should FAIL if Access Analyzer not configured 1148: ✔ should UNKNOWN if unable to list Access analyzer 1149: ✔ should not return anything if list Access Analyzers response is not found 1150: acmCertificateExpiry 1151: run 1152: ✔ should PASS if certificate expiration date exceeds set PASS number of days in the future 1153: ✔ should FAIL if certificate expiration date does not exceed set WARN number of days in the future 1154: ✔ should FAIL if certificate has already expired ... 1158: ✔ should UNKNOWN if unable to list ACM certificates 1159: ✔ should UNKNOWN if unable to describe ACM certificate 1160: acmCertificateHasTags 1161: run 1162: ✔ should give unknown result if unable to list acm certificates 1163: ✔ should give passing result if acm certificates not found. 1164: ✔ should give unknown result if unable to query resource group tagging api 1165: ✔ should give passing result if acm certificates have tags 1166: ✔ should give failing result if eks cluster does not have tags 1167: acmSingleDomainNameCertificate 1168: run 1169: ✔ should PASS if ACM certificate is a single domain name certificate 1170: ✔ should FAIL if ACM certificate is a wildcard certificate 1171: ✔ should PASS if No ACM certificates found 1172: ✔ should UNKNOWN if unable to list ACM certificates 1173: ✔ should UNKNOWN if unable to describe ACM certificate 1174: acmValidation 1175: run 1176: ✔ should PASS if ACM certificate is using DNS validations 1177: ✔ should FAIL if ACM certificate has failed validations 1178: ✔ should WARN if ACM certificate is using EMAIL validation 1179: ✔ should PASS if No ACM certificates found 1180: ✔ should UNKNOWN if unable to list ACM certificates 1181: ✔ should UNKNOWN if unable to describe ACM certificate 1182: apigatewayAuthorization 1183: run 1184: ✔ should return UNKNOWN if unable to query for API Gateway Rest APIs 1185: ✔ should return PASS if no API Gateway Rest APIs found 1186: ✔ should return FAIL if no authorizers exist for API Gateway Rest API 1187: ✔ should return PASS if authorizers exist for API Gateway Rest API 1188: ✔ should not return anything if get Rest APIs response is not found 1189: apigatewayCertificateRotation 1190: run 1191: ✔ should PASS if API Gateway API stages do not need client certificate rotation 1192: ✔ should FAIL if API Gateway API stage needs client certificate rotation 1193: ✔ should FAIL if API Gateway API stage client certificate has already expired ... 1195: ✔ should PASS if No API Gateway Rest API stages found 1196: ✔ should PASS if No API Gateway Rest API stage client certificate found 1197: ✔ should UNKNOWN if unable to get API Gateway Rest APIs 1198: ✔ should UNKNOWN if unable to get API Gateway Rest API stages 1199: ✔ should not return anything if get Rest APIs response is not found 1200: apigatewayClientCertificate 1201: run 1202: ✔ should PASS if API Gateway API use client certificate for all stages 1203: ✔ should FAIL if API Gateway API does not use client certificate for all stages 1204: ✔ should PASS if No API Gateway Rest APIs found 1205: ✔ should PASS if No API Gateway Rest API Stages found 1206: ✔ should UNKNOWN if unable to get API Gateway Rest APIs 1207: ✔ should UNKNOWN if unable to get API Gateway Rest API Stages 1208: ✔ should not return anything if get Rest APIs response is not found 1209: apigatewayCloudwatchLogs 1210: run 1211: ✔ should PASS if API Gateway API has CloudWatch Logs enabled for all stages 1212: ✔ should FAIL if API Gateway API does not have CloudWatch Logs enabled for stages 1213: ✔ should PASS if No API Gateway Rest APIs found 1214: ✔ should PASS if No API Gateway Rest API Stages found 1215: ✔ should UNKNOWN if unable to get API Gateway Rest APIs 1216: ✔ should UNKNOWN if unable to get API Gateway Rest API Stages 1217: ✔ should not return anything if get Rest APIs response is not found 1218: apigatewayContentEncoding 1219: run 1220: ✔ should PASS if API Gateway API stage has content encoding enabled 1221: ✔ should FAIL if API Gateway API stage does not have content encoding enabled 1222: ✔ should PASS if No API Gateway Rest APIs found 1223: ✔ should UNKNOWN if unable to get API Gateway Rest APIs 1224: ✔ should not return anything if get Rest APIs response is not found 1225: apigatewayTlsDefaultEndpoint 1226: run 1227: ✔ should PASS if No API Gateway rest APIs found 1228: ✔ should PASS if API Gateway is not accessible through default endpoint 1229: ✔ should FAIL if API Gateway is accessible through default endpoint 1230: ✔ should UNKNOWN if unable to query for API Gateways 1231: apigatewayPrivateEndpoints 1232: run 1233: ✔ should PASS if API Gateway API is only accessible through private endpoints 1234: ✔ should FAIL if API Gateway API is accessible through public endpoints 1235: ✔ should PASS if No API Gateway Rest APIs found 1236: ✔ should UNKNOWN if unable to get API Gateway Rest APIs 1237: ✔ should not return anything if get Rest APIs response is not found 1238: apigatewayResponseCaching 1239: run 1240: ✔ should PASS if Response caching is enabled for API Gateway API stage 1241: ✔ should FAIL if Response caching is not enabled for API Gateway API stage 1242: ✔ should PASS if No API Gateway Rest APIs found 1243: ✔ should PASS if No API Gateway Rest API Stages found 1244: ✔ should UNKNOWN if unable to get API Gateway Rest APIs 1245: ✔ should UNKNOWN if unable to get API Gateway Rest API Stages 1246: ✔ should not return anything if get Rest APIs response is not found 1247: apigatewayTracingEnabled 1248: run 1249: ✔ should PASS if API Gateway API has tracing enabled for all stages 1250: ✔ should FAIL if API Gateway API does not have tracing enabled for stages 1251: ✔ should PASS if No API Gateway Rest APIs found 1252: ✔ should PASS if No API Gateway Rest API Stages found 1253: ✔ should UNKNOWN if unable to get API Gateway Rest APIs 1254: ✔ should UNKNOWN if unable to get API Gateway Rest API Stages 1255: ✔ should not return anything if get Rest APIs response is not found 1256: apigatewayWafEnabled 1257: run 1258: ✔ should PASS if API Gateway API has WAF enabled for all stages 1259: ✔ should FAIL if API Gateway API does not have WAF enabled for stages 1260: ✔ should PASS if No API Gateway Rest APIs found 1261: ✔ should PASS if No API Gateway Rest API Stages found 1262: ✔ should UNKNOWN if unable to get API Gateway Rest APIs 1263: ✔ should UNKNOWN if unable to get API Gateway Rest API Stages 1264: ✔ should not return anything if get Rest APIs response is not found 1265: apiStageLevelCacheEncryption 1266: run 1267: ✔ should PASS if API Gateway stage encrypts cache data 1268: ✔ should FAIL if API Gateway stage does not encrypt cache data ... 1270: ✔ should PASS if No API Gateway Rest APIs found 1271: ✔ should PASS if No API Gateway Rest API Stages found 1272: ✔ should UNKNOWN if unable to get API Gateway Rest APIs 1273: ✔ should UNKNOWN if unable to get API Gateway Stages 1274: apigatewayCustomDomainDeprecatedProtocol 1275: run 1276: ✔ should PASS if No API Gateway Custom Domains found 1277: ✔ should PASS if API Gateway Custom Domain is using current minimum TLS version 1278: ✔ should FAIL if API Gateway Custom Domain is using deprecated TLS version 1279: ✔ should UNKNOWN if unable to query for API Gateways 1280: detailedCloudWatchMetrics 1281: run 1282: ✔ should PASS if API Gateway API has detailed CloudWatch metrics enabled for all stages 1283: ✔ should FAIL if API Gateway API does not have detailed CloudWatch metrics enabled for stages 1284: ✔ should PASS if No API Gateway Rest APIs found 1285: ✔ should PASS if No API Gateway Rest API Stages found 1286: ✔ should UNKNOWN if unable to get API Gateway Rest APIs 1287: ✔ should UNKNOWN if unable to get API Gateway Rest API Stages 1288: ✔ should not return anything if get Rest APIs response is not found 1289: flowEncrypted 1290: run 1291: ✔ should PASS if AppFlow flow is encrypted with desired encryption level 1292: ✔ should FAIL if AppFlow flow is not encrypted with desired encryption level 1293: ✔ should PASS if no AppFlow flows found 1294: ✔ should UNKNOWN if unable to list AppFlow flows 1295: ✔ should UNKNOWN if unable to list KMS keys 1296: appmeshTLSRequired 1297: run 1298: ✔ should PASS if App Mesh virtual gateway listeners restrict TLS enabled connections 1299: ✔ should FAIL if App Mesh vitual gateway listeners does not restrict TLS enabled connections 1300: ✔ should PASS if no App Mesh meshes found 1301: ✔ should UNKNOWN if Unable to list App Mesh meshes 1302: ✔ should UNKNOWN if unable to list App Mesh virtual gateways 1303: ✔ should not return anything if list App Mesh meshes response not found 1304: appmeshVGAccessLogging 1305: run 1306: ✔ should PASS if access logging is enabled and configured for Amazon App Mesh virtual gateways 1307: ✔ should FAIL if access logging is not enabled for Amazon App Mesh virtual gateways 1308: ✔ should PASS if No App Meshes found 1309: ✔ should UNKNOWN if unable to query for App Mesh meshes 1310: ✔ should UNKNOWN if unable to query for App Mesh virtual gateways 1311: ✔ should not return anything if list App Meshes response not found 1312: appmeshVGHealthChecks 1313: run 1314: ✔ should PASS if health check policies are configured for Amazon App Mesh virtual gateways 1315: ✔ should FAIL if health check policies are not configured for Amazon App Mesh virtual gateways 1316: ✔ should PASS if No App Meshes found 1317: ✔ should UNKNOWN if unable to query for App Mesh meshes 1318: ✔ should UNKNOWN if unable to query for App Mesh virtual gateways 1319: ✔ should not return anything if list App Meshes response not found 1320: restrictExternalTraffic 1321: run 1322: ✔ should PASS if App Mesh mesh does not allow access to external services 1323: ✔ should FAIL if App Mesh mesh allows access to external services 1324: ✔ should PASS if no App Meshes found 1325: ✔ should UNKNOWN if Unable to query for App Mesh meshes 1326: ✔ should UNKNOWN if Unable to describe App Mesh mesh 1327: serviceEncrypted 1328: run 1329: ✔ should PASS if App Runner service is encrypted with desired encryption level 1330: ✔ should FAIL if App Runner service not encrypted with desired encryption level 1331: ✔ should PASS if no App Runner service found 1332: ✔ should UNKNOWN if unable to list Services 1333: ✔ should UNKNOWN if unable to list KMS keys 1334: workgroupEncrypted 1335: run 1336: ✔ should PASS if Athena workgroup is using encryption 1337: ✔ should PASS if Athena primary workgroup does not have encryption enabled but is not in use. 1338: ✔ should FAIL if Athena workgroup is not using encryption 1339: ✔ should PASS if no Athena workgroups found 1340: ✔ should UNKNOWN if unable to list Athena workgroups 1341: ✔ should UNKNOWN if unable to describe Athena workgroup 1342: ✔ should not return any results if list workgroups response not found 1343: workgroupEnforceConfiguration 1344: run 1345: ✔ should PASS if Athena workgroup is enforcing configuration options 1346: ✔ should PASS if Athena primary workgroup is not enforcing configuration options but is not in use 1347: ✔ should FAIL if Athena workgroup is not enforcing configuration options 1348: ✔ should PASS if no Athena workgroups found 1349: ✔ should UNKNOWN if unable to list Athena workgroups 1350: ✔ should UNKNOWN if unable to describe Athena workgroup 1351: ✔ should not return any results if list workgroups response not found 1352: auditmanagerDataEncrypted 1353: run 1354: ✔ should PASS if Audit Manager data is encrypted with desired encryption level 1355: ✔ should FAIL if Audit Manager data is not encrypted with desired encryption level 1356: ✔ should PASS if Audit Manager is not setup for the region 1357: ✔ should UNKNOWN if unable to get Audit Manager settings 1358: ✔ should UNKNOWN if unable to list KMS keys 1359: appTierAsgApprovedAmi 1360: run 1361: ✔ should PASS if Launch Configuration for App-Tier Auto Scaling group is using approved AMIs 1362: ✔ should FAIL if Launch Configuration for App-Tier Auto Scaling group is not using active AMIs 1363: ✔ should FAIL if Launch Configuration for App-Tier Auto Scaling group is not using any AMI ... 1365: ✔ should PASS if no App-Tier Auto Scaling groups found 1366: ✔ should PASS if no Auto Scaling groups found 1367: ✔ should UNKNOWN if unable to describe Auto Scaling groups 1368: ✔ should not return anything if describe Auto Scaling groups response not found 1369: ✔ should not return anything if App-Tier tag key is not provided in settings 1370: appTierAsgCloudWatchLogs 1371: run 1372: ✔ should PASS if App-Tier Auto Scaling launch configuration is using CloudWatch Logs agent 1373: ✔ should FAIL if App-Tier Auto Scaling launch configuration is not using CloudWatch Logs agent 1374: ✔ should UNKNOWN if unable to describe launch configuration for App-Tier Auto Scaling group 1375: ✔ should PASS if no App-Tier Auto Scaling groups found 1376: ✔ should PASS if no Auto Scaling groups found 1377: ✔ should UNKNOWN if unable to describe Auto Scaling groups 1378: ✔ should not return anything if no Auto Scaling groups found 1379: appTierIamRole 1380: run 1381: ✔ should PASS if launch configuration for App-Tier group has customer IAM role configured 1382: ✔ should FAIL if launch configuration for App-Tier group does not have customer IAM role configured ... 1385: ✔ should PASS if no App-Tier Auto Scaling groups found 1386: ✔ should PASS if no Auto Scaling launch configurations found 1387: ✔ should UNKNOWN if unable to describe Auto Scaling groups 1388: ✔ should UNKNOWN if unable to describe Auto Scaling launch configurations 1389: ✔ should not return anything if no response for describe Auto Scaling groups 1390: asgActiveNotifications 1391: run 1392: ✔ should PASS if notification are active for auto scaling group 1393: ✔ should FAIL if notification are not active for auto scaling group 1394: ✔ should UNKNOWN if unable to describe auto scaling group found 1395: ✔ should not return anything if no auto scaling group found 1396: ✔ should FAIL if No auto scaling group notification configurations found 1397: asgCooldownPeriod 1398: run 1399: ✔ should PASS if Amazon Auto Scaling Groups are utilizing cool down period 1400: ✔ should FAIL if the cool down period setting is not properly configured for the selected Amazon ASG 1401: ✔ should PASS if no AutoScaling groups found 1402: ✔ should UNKNOWN if an error occurs while describing AutoScaling groups 1403: ✔ should not return anything if unable to query for AutoScaling groups 1404: asgMissingELB 1405: run 1406: ✔ should PASS if AutoScaling group utilizes active load balancer 1407: ✔ should FAIL if AutoScaling group utilizes inactive load balancer 1408: ✔ should FAIL if AutoScaling group does not have any ELB associated 1409: ✔ should PASS if AutoScaling group does not utilize a load balancer 1410: ✔ should UNKNOWN if unable to describe AutoScaling group found 1411: ✔ should not return anything if no AutoScaling group found 1412: asgMissingSecurityGroups 1413: run 1414: ✔ should PASS if Auto Scaling launch configuration does not reference any missing EC2 security group 1415: ✔ should FAIL if Auto Scaling launch configuration references missing EC2 security group(s) 1416: ✔ should PASS if no Auto Scaling launch configurations found 1417: ✔ should PASS if Auto Scaling launch configuration does not have any security groups associated 1418: ✔ should FAIL if no EC2 security groups found 1419: ✔ should UNKNOWN if unable to describe Auto Scaling launch configurations 1420: ✔ should not return anything if describe Auto Scaling launch configurations response not found 1421: asgMultiAz 1422: run 1423: ✔ should PASS if Auto Scaling group utilizes multiple availability zones 1424: ✔ should FAIL if Auto Scaling group utilizes one availability zone 1425: ✔ should PASS if no Auto Scaling groups found 1426: ✔ should UNKNOWN if error describing Auto Scaling groups 1427: ✔ should not return anything if unable to describe Auto Scaling groups 1428: asgSuspendedProcesses 1429: run 1430: ✔ should PASS if AutoScaling group does not have any suspended process 1431: ✔ should FAIL if AutoScaling group has suspended processes 1432: ✔ should PASS if no AutoScaling groups found 1433: ✔ should UNKNOWN if an error occurs while describing AutoScaling groups 1434: ✔ should not return anything if unable to query for AutoScaling groups 1435: asgUnusedLaunchConfiguration 1436: run 1437: ✔ should PASS if Auto Scaling launch configuration is being used 1438: ✔ should FAIL if Auto Scaling launch configuration is not being used 1439: ✔ should PASS if no Auto Scaling launch configurations found 1440: ✔ should UNKNOWN if Unable to query for Auto Scaling launch configurations 1441: elbHealthCheckActive 1442: run 1443: ✔ should PASS if Auto Scaling group does not use ELBs 1444: ✔ should PASS if Auto Scaling group has ELB health check active 1445: ✔ should PASS if Auto Scaling group does not use ELBs 1446: ✔ should FAIL if Auto Scaling group does not have ELB health check active 1447: ✔ should PASS if no Auto Scaling groups found 1448: ✔ should UNKNOWN if unable to describe Auto Scaling groups 1449: ✔ should not return anything if no response found for describe Auto Scaling groups 1450: emptyASG 1451: run 1452: ✔ should PASS if autoscaling group contains instance(s) 1453: ✔ should FAIL if autoscaling group does not contain instance(s) 1454: ✔ should PASS if no autoscaling group data found 1455: ✔ should UNKNOWN if unable to describe autoscaling group found 1456: ✔ should not return anything if no autoscaling group found 1457: sameAzElb 1458: run 1459: ✔ should PASS if load balancer is in the same Availability Zone as of AutoScaling group 1460: ✔ should PASS if AutoScaling does not utilizes load balancer as HealthCheckType 1461: ✔ should FAIL if load balancer is not in the same Availability Zone as of AutoScaling group 1462: ✔ should FAIL if autoscaling group utilizes an inactive load balancer 1463: ✔ should UNKOWN if unable to query for load balancers 1464: ✔ should UNKNOWN if unable to describe autoscaling groups 1465: ✔ should not return anything if no autoscaling group found 1466: webTierAsgApprovedAmi 1467: run 1468: ✔ should PASS if Launch Configuration for Web-Tier Auto Scaling group is using approved AMIs 1469: ✔ should FAIL if Launch Configuration for Web-Tier Auto Scaling group is not using active AMIs 1470: ✔ should FAIL if Launch Configuration for Web-Tier Auto Scaling group is not using any AMI ... 1472: ✔ should PASS if no Web-Tier Auto Scaling groups found 1473: ✔ should PASS if no Auto Scaling groups found 1474: ✔ should UNKNOWN if unable to describe Auto Scaling groups 1475: ✔ should not return anything if describe Auto Scaling groups response not found 1476: ✔ should not return anything if Web-Tier tag key is provided in settings 1477: webTierAssociatedElb 1478: run 1479: ✔ should PASS if Web-Tier Auto Scaling group has ELB associated 1480: ✔ should FAIL if Web-Tier Auto Scaling group does not have ELB associated 1481: ✔ should PASS if no Auto Scaling groups found 1482: ✔ should PASS if no Web-Tier Auto Scaling groups found 1483: ✔ should UNKNOWN if unable to describe Auto Scaling groups 1484: ✔ should not return anything if describe Auto Scaling groups response not found 1485: webTierAsgCloudWatchLogs 1486: run 1487: ✔ should PASS if Web-Tier Auto Scaling launch configuration has CloudWatch logs enabled 1488: ✔ should FAIL if Web-Tier Auto Scaling launch configuration does not have CloudWatch logs enabled 1489: ✔ should UNKNOWN if unable to describe launch configuration for Web-Tier Auto Scaling group 1490: ✔ should PASS if no Web-Tier Auto Scaling groups found 1491: ✔ should PASS if no Auto Scaling groups found 1492: ✔ should UNKNOWN if unable to describe Auto Scaling groups 1493: ✔ should not return anything if no Auto Scaling groups found 1494: webTierIamRole 1495: run 1496: ✔ should PASS if launch configuration for Web-Tier group has customer IAM role configured 1497: ✔ should FAIL if launch configuration for Web-Tier group does not have customer IAM role configured ... 1500: ✔ should PASS if no Web-Tier Auto Scaling groups found 1501: ✔ should PASS if no Auto Scaling launch configurations found 1502: ✔ should UNKNOWN if unable to describe Auto Scaling groups 1503: ✔ should UNKNOWN if unable to describe Auto Scaling launch configurations 1504: ✔ should not return anything if no response for describe Auto Scaling groups 1505: backupDeletionProtection 1506: run 1507: ✔ should PASS if Backup vault has deletion protection enabled 1508: ✔ should FAIL if Backup vault does not have deletion protection enabled 1509: ✔ should FAIL if no access policy found for Backup vault 1510: ✔ should PASS if no Backup vault list found 1511: ✔ should UNKNOWN if Unable to query for Backup vault list 1512: ✔ should UNKNOWN if Unable to get Backup vault policy 1513: backupInUseForRDSSnapshots 1514: run 1515: ✔ should PASS if Backup service is in use for RDS snapshots 1516: ✔ should FAIL if Backup service is not in use for RDS snapshots 1517: ✔ should PASS if no RDS snapshots found 1518: ✔ should UNKNOWN if Unable to query for RDS snapshots 1519: backupNotificationEnabled 1520: run 1521: ✔ should PASS if Backup vault is configured to send alert notifications for failed Backup job events 1522: ✔ should FAIL if Backup vault is not configured to send alert notifications for failed Backup job events 1523: ✔ should FAIL if Backup vault does not have any notifications configured 1524: ✔ should PASS if no Backup vault list found 1525: ✔ should UNKNOWN if Unable to query for Backup vault list 1526: ✔ should UNKNOWN if Unable to get event notifications for selected Amazon Backup vault 1527: backupResourceProtection 1528: run 1529: ✔ should PASS if All desired resource types are protected by Backup service 1530: ✔ should FAIL if These desired resource types are not protected by Backup service 1531: ✔ should UNKNOWN Unable to query for Backup resource type opt in preference 1532: backupVaultEncrypted 1533: run 1534: ✔ should PASS if Backup Vault is encrypted with desired encryption level 1535: ✔ should FAIL if Backup Vault is not encrypted with desired encyption level 1536: ✔ should PASS if no Backup vault found 1537: ✔ should UNKNOWN if unable to list Backup vault 1538: ✔ should UNKNOWN if unable to list KMS keys 1539: backupVaultHasTags 1540: run 1541: ✔ should PASS if Backup vault have tags 1542: ✔ should FAIL if Backup vault does not have tags 1543: ✔ should PASS if no Backup vault list found 1544: ✔ should UNKNOWN if Unable to query for Backup vault list 1545: ✔ should give unknown result if unable to query resource group tagging api 1546: backupVaultPolicies 1547: run 1548: ✔ should PASS if Backup vault does not allow global access to the action 1549: ✔ should FAIL if Backup vault allow global access to the action 1550: ✔ should PASS if no Backup vault list found 1551: ✔ should UNKNOWN if Unable to query for Backup vault list 1552: ✔ should UNKNOWN if Unable to get Backup vault policy 1553: compliantLifecycleConfigured 1554: run 1555: ✔ should PASS if Backup plan has lifecycle configuration enabled 1556: ✔ should FAIL if Backup plan does not have lifecycle configuration enabled 1557: ✔ should PASS if no Backup plans found 1558: ✔ should UNKNOWN if Unable to list Backup plans 1559: customModelEncryptionEnabled 1560: run 1561: ✔ should PASS if Bedrock Custom Model is Encrypted using CMK 1562: ✔ should FAIL if Bedrock Custom Model is encrypted with AWS owned key 1563: ✔ should PASS if the desired encryption level for bedrock custom model is awskms 1564: ✔ should PASS if no Bedrock custom model found 1565: ✔ should UNKNOWN if unable to list Bedrock custom model 1566: customModelHasTags 1567: run 1568: ✔ should PASS if Bedrock custom model has tags 1569: ✔ should FAIL if Bedrock custom model doesnot have tags 1570: ✔ should PASS if no Bedrock custom model found 1571: ✔ should UNKNOWN if unable to query Bedrock custom model 1572: ✔ should give unknown result if unable to query resource group tagging api 1573: customModelInVpc 1574: run 1575: ✔ should PASS if Bedrock Custom Model has Vpc configured 1576: ✔ should FAIL if Bedrock Custom Model have not Vpc configured 1577: ✔ should PASS if no Bedrock custom model found 1578: ✔ should UNKNOWN if unable to list Bedrock custom model 1579: modelInvocationLoggingEnabled 1580: run 1581: ✔ should PASS if model invocation logging is enabled for bedrock models 1582: ✔ should FAIL if model invocation logging is disabled for bedrock models 1583: ✔ should UNKNOWN if unable to query for model invocation logging 1584: privateCustomModel 1585: run 1586: ✔ should PASS if Bedrock Custom Model is a private model 1587: ✔ should FAIL if Bedrock Custom Model have not Vpc configured 1588: ✔ should FAIL if Bedrock Custom Model is not a private model 1589: ✔ should PASS if no Bedrock custom model found 1590: ✔ should UNKNOWN if unable to list Bedrock custom model 1591: cloudformationAdminPriviliges 1592: run 1593: ✔ should PASS if CloudFormation stack does not have admin privileges 1594: ✔ should FAIL if CloudFormation stack has admin privileges ... 1598: ✔ should UNKNOWN if unable to list role policies 1599: ✔ should not return anything if list CloudFormation stacks response not found 1600: CloudFormation Deletion Policy in Use 1601: run 1602: ✔ should return unknown result if unable to list the CloudFormation stacks 1603: ✔ should return passing result if unable to list CloudFormation stacks information 1604: ✔ should return unknown result if no CloudFormation stacks found in region 1605: ✔ should return passing result if deletion policy is used for CloudFormation stack 1606: ✔ should return failing result if deletion policy is not used for CloudFormation stack 1607: cloudformationInUse 1608: run 1609: ✔ should PASS if Amazon CloudFormation service is currently in use 1610: ✔ should FAIL if Amazon CloudFormation service is not currently in use 1611: ✔ should UNKNOWN if Unable to query CloudFormation stacks 1612: driftDetection 1613: run 1614: ✔ should PASS if CloudFormation stack is not in drifted state 1615: ✔ should FAIL if CloudFormation stack is in drifted state 1616: ✔ should PASS if no CloudFormation stacks found 1617: ✔ should UNKNOWN if unable to list stacks 1618: ✔ should not return any results if list stacks response not found 1619: plaintextParameters 1620: run 1621: ✔ should PASS if template does not contain any potentially-sensitive parameters 1622: ✔ should PASS if template contains any potentially-sensitive parameters but with NoEcho enabled 1623: ✔ should FAIL if template contains any potentially-sensitive parameters 1624: ✔ should PASS if no CloudFormation stacks found 1625: ✔ should UNKNOWN if unable to list stacks 1626: ✔ should UNKNOWN if unable to describe stacks 1627: ✔ should UNKNOWN if no CloudFormation stack details found 1628: ✔ should not return any results if list stacks response is not found 1629: stackFailedStatus 1630: run 1631: ✔ should PASS if CloudFormation stack is not in failed state 1632: ✔ should PASS if CloudFormation stack is in failed state for less than the failed hours limit 1633: ✔ should FAIL if CloudFormation stack is in failed state for more than the failed hours limit 1634: ✔ should PASS if no CloudFormation stacks found 1635: ✔ should UNKNOWN if unable to describe stacks 1636: ✔ should not return any results if describe stacks response is not found 1637: stackNotifications 1638: run 1639: ✔ should PASS if CloudFormation stack has SNS topic associated 1640: ✔ should FAIL if CloudFormation stack does not have SNS topic associated 1641: ✔ should PASS if no CloudFormation stacks found 1642: ✔ should UNKNOWN if No stack details found 1643: ✔ should UNKNOWN if unable to list stacks 1644: ✔ should UNKNOWN if unable to describe stacks 1645: ✔ should not return any results if list stacks response is not found 1646: stackTerminationProtection 1647: run 1648: ✔ should PASS if CloudFormation stack has SNS topic associated 1649: ✔ should FAIL if CloudFormation stack does not have SNS topic associated ... 1651: ✔ should UNKNOWN if No stack details found 1652: ✔ should UNKNOWN if unable to list stacks 1653: ✔ should UNKNOWN if unable to describe stacks 1654: ✔ should not return any results if list stacks response is not found 1655: cloudfrontCustomOriginHttpsOnly 1656: run 1657: ✔ should PASS if CloudFront distributions is using https only 1658: ✔ should PASS if CloudFront distributions has no origins 1659: ✔ should FAIL if CloudFront Distribution is not https only 1660: ✔ should PASS if no CloudFront distributions found 1661: ✔ should UNKNOWN if unable to list distributions 1662: cloudfrontFieldLevelEncryption 1663: run 1664: ✔ should PASS if distribution has field level encryption enabled 1665: ✔ should FAIL if distribution does not have field level encryption enabled 1666: ✔ should PASS if no CloudFront distributions found 1667: ✔ should UNKNOWN if unable to list distributions 1668: ✔ should not return any results if list distributions response not found 1669: cloudfrontGeoRestriction 1670: run 1671: ✔ should PASS if CloudFront distribution is whitelisting required geographic locations 1672: ✔ should PASS if Geo restriction feature is enabled within CloudFront distribution 1673: ✔ should FAIL if geo restriction is not enabled within CloudFront distribution 1674: ✔ should FAIL if CloudFront distribution does not have required locations whitelisted 1675: ✔ should PASS if no CloudFront distributions found 1676: ✔ should UNKNOWN if unable to query for CloudFront distributions 1677: ✔ should not return any results if list distributions response not found 1678: cloudfrontHttpsOnly 1679: run 1680: ✔ should PASS if CloudFront distribution is set to use HTTPS only 1681: ✔ should PASS if CloudFront distribution is configured to redirect non-HTTPS traffic to HTTPS 1682: ✔ should FAIL if CloudFront distribution is not configured to use HTTPS 1683: ✔ should PASS if no CloudFront distributions found 1684: ✔ should UNKNOWN if unable to list distributions 1685: ✔ should not return any results if list distributions response not found 1686: cloudfrontInUse 1687: run 1688: ✔ should PASS if AWS CloudFront service is in use 1689: ✔ should FAIL if CloudFront service is not in use 1690: ✔ should UNKNOWN if unable to list distributions 1691: ✔ should not return any results if list distributions response not found 1692: cloudfrontLoggingEnabled 1693: run 1694: ✔ should PASS if Request logging is enabled 1695: ✔ should FAIL if Request logging is not enabled 1696: ✔ should PASS if no CloudFront distributions found 1697: ✔ should UNKNOWN if unable to list distributions 1698: ✔ should UNKNOWN if unable to get distributions 1699: ✔ should not return any results if list distributions response not found 1700: cloudfrontOriginTLSVersion 1701: run 1702: ✔ should PASS if CloudFront distributions custom origin TLS version is not deprecated 1703: ✔ should PASS if CloudFront distributions has no origins 1704: ✔ should FAIL if CloudFront Distribution custom origin TLS version is deprecated 1705: ✔ should PASS if no CloudFront distributions found 1706: ✔ should UNKNOWN if unable to list distributions 1707: cloudfrontTLSVersion 1708: run 1709: ✔ should PASS if CloudFront distributions TLS version is not deprecated 1710: ✔ should FAIL if CloudFront DistributionTLS version is deprecated 1711: ✔ should PASS if no CloudFront distributions found 1712: ✔ should UNKNOWN if unable to list distributions 1713: cloudfrontTLSWeakCipher 1714: run 1715: ✔ should PASS if CloudFront distributions TLS version is not weak cipher suite 1716: ✔ should FAIL if CloudFront Distribution TLS version is weak cipher suite 1717: ✔ should PASS if no CloudFront distributions found 1718: ✔ should UNKNOWN if unable to list distributions 1719: cloudfrontWafEnabled 1720: run 1721: ✔ should PASS if CloudFront distributions has WAF enabled 1722: ✔ should FAIL if CloudFront Distribution does not have WAF enabled 1723: ✔ should PASS if no CloudFront distributions found 1724: ✔ should UNKNOWN if unable to list distributions 1725: ✔ should not return any results if list distributions response not found 1726: compressObjectsAutomatically 1727: run 1728: ✔ should PASS if CloudFront web distribution is currently configured to compress files (objects) automatically 1729: ✔ should FAIL if CloudFront web distribution is currently configured to compress files (objects) automatically. 1730: ✔ should PASS if no CloudFront distributions found 1731: ✔ should UNKNOWN if unable to list distributions 1732: ✔ should not return any results if list distributions response not found 1733: enableOriginFailOver 1734: run 1735: ✔ should PASS if CloudFront distribution have origin failover enabled. 1736: ✔ should FAIL if CloudFront distribution does not have origin failover enabled. 1737: ✔ should PASS if no CloudFront distributions found 1738: ✔ should UNKNOWN if query for CloudFront distributions 1739: ✔ should not return any results if list distributions response not found 1740: insecureProtocols 1741: run 1742: ✔ should PASS if Distribution is not configured for SSL delivery 1743: ✔ should PASS if Distribution is using secure default certificate 1744: ✔ should FAIL if Distribution is using the insecure default CloudFront TLS certificate 1745: ✔ should FAIL if Distribution is using insecure SSLv3 1746: ✔ should FAIL if Distribution is using insecure TLSv1.0 1747: ✔ should FAIL if Distribution is using insecure TLSv1_2016 1748: ✔ should PASS if Distribution is using secure TLSv1.1_2016 1749: ✔ should PASS if Distribution is using secure TLSv1.2_2018 1750: ✔ should PASS if no CloudFront distributions found 1751: ✔ should UNKNOWN if unable to list distributions 1752: ✔ should not return any results if list distributions response not found 1753: publicS3Origin 1754: run 1755: ✔ should PASS if CloudFront distribution origin is not setup without an origin access identity 1756: ✔ should FAIL if CloudFront CloudFront distribution is using an S3 origin without an origin access identity 1757: ✔ should PASS if no CloudFront distributions found 1758: ✔ should UNKNOWN if unable to list distributions 1759: ✔ should not return any results if list distributions response not found 1760: secureOrigin 1761: run 1762: ✔ should PASS if CloudFront origin is using https-only 1763: ✔ should WARN if CloudFront origin is using match-viewer 1764: ✔ should FAIL if CloudFront origin is using http-only 1765: ✔ should FAIL if CloudFront origin is using SSLv3 and TLSv1 protocols 1766: ✔ should FAIL if CloudFront origin is using SSLv3 protocols 1767: ✔ should WARN if CloudFront origin is using TLSv1 protocol 1768: ✔ should PASS if no CloudFront distributions found 1769: ✔ should UNKNOWN if unable to list distributions 1770: ✔ should not return any results if list distributions response not found 1771: cloudtrailBucketAccessLogging 1772: run 1773: ✔ should PASS if bucket has S3 access logs enabled 1774: ✔ should WARN if bucket has S3 access logs disabled 1775: ✔ should FAIL if Unable to locate S3 bucket, it may have been deleted 1776: ✔ should PASS if no S3 bucket to check 1777: ✔ should UNKNOWN if unable to query for trails 1778: ✔ should UNKNOWN if unable to query for bucket policy 1779: ✔ should PASS if bucket gets whitelisted 1780: cloudtrailBucketDelete 1781: run 1782: ✔ should PASS if bucket has MFA delete enabled 1783: ✔ should WARN if bucket has MFA delete enabled 1784: ✔ should FAIL if Unable to locate S3 bucket, it may have been deleted 1785: ✔ should PASS if no S3 bucket to check 1786: ✔ should UNKNOWN if unable to query for trails 1787: ✔ should UNKNOWN if unable to query for bucket policy 1788: ✔ should PASS if bucket gets whitelisted 1789: cloudtrailBucketPrivate 1790: run 1791: ✔ should PASS if bucket does not allow global access 1792: ✔ should FAIL if bucket allows global access 1793: ✔ should FAIL if Unable to locate S3 bucket, it may have been deleted 1794: ✔ should PASS if no S3 bucket to check 1795: ✔ should UNKNOWN if unable to query for trails 1796: ✔ should UNKNOWN if unable to query for bucket policy 1797: ✔ should PASS if bucket gets whitelisted 1798: cloudtrailDataEvents 1799: run 1800: ✔ should PASS if CloudTrail trail has data events configured 1801: ✔ should FAIL if CloudTrail trail does not have data events configured 1802: ✔ should PASS if no CloudTrail trails found 1803: ✔ should UNKNOWN if unable to query trails 1804: ✔ should not return any results describe trail response not found 1805: cloudtrailDeliveryFailing 1806: run 1807: ✔ should PASS if logs for CloudTrail trail are being delivered 1808: ✔ should PASS if CloudTrail trail is set to pass without checking logs delivery status 1809: ✔ should FAIL if logs for CloudTrail trail are not being delivered 1810: ✔ should FAIL if CloudTrail is not enabled 1811: ✔ should UNKNOWN if unable to describe CloudTrail trails 1812: ✔ should UNKNOWN if unable to get CloudTrail trail status 1813: ✔ should not return anything if describe CloudTrail trails response not found 1814: cloudtrailEnabled 1815: run 1816: ✔ should PASS if CloudTrail is enabled and monitoring regional and global services 1817: ✔ should PASS if CloudTrail is configured and enabled to monitor global services 1818: ✔ should PASS if CloudTrail is enabled and monitoring regional services 1819: ✔ should FAIL if CloudTrail is configured for regional monitoring but is not logging API calls 1820: ✔ should FAIL if CloudTrail is configured for regional monitoring but is not logging API calls 1821: ✔ should FAIL if CloudTrail is not enabled 1822: ✔ should FAIL if CloudTrail is not configured to monitor global services 1823: ✔ should UNKNOWN if unable to query for trails 1824: cloudtrailEncryption 1825: run 1826: ✔ should PASS if CloudTrail encryption is enabled 1827: ✔ should FAIL if CloudTrail encryption is not enabled 1828: ✔ should FAIL if no CloudTrail is not enabled 1829: ✔ should UNKNOWN if unable to query for trails 1830: ✔ should not return any results if describe CloudTrail response not found 1831: cloudtrailFileValidation 1832: run 1833: ✔ should PASS if CloudTrail log file validation is enabled 1834: ✔ should FAIL if CloudTrail log file validation is not enabled 1835: ✔ should FAIL if no CloudTrail is not enabled 1836: ✔ should UNKNOWN if unable to query for trails 1837: ✔ should not return any results if describe CloudTrail response not found 1838: cloudtrailHasTags 1839: run 1840: ✔ should UNKNOWN if unable to query for trails 1841: ✔ should Passing result if cloud t...