add cmd to format examples
Signed-off-by: Nikita Pivkin <[email protected]>
nikpivkin committed Oct 15, 2024
1 parent 3f0a2ab commit 9c789af
Showing 220 changed files with 4,166 additions and 3,975 deletions.
8 changes: 6 additions & 2 deletions Makefile
Expand Up @@ -13,7 +13,7 @@ fmt-rego:

.PHONY: test-rego
test-rego:
go run ./cmd/opa test --explain=fails lib/ checks/
go run ./cmd/opa test --explain=fails lib/ checks/ --ignore '*.yaml'

.PHONY: bundle
bundle: create-bundle verify-bundle
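Review bot: the new `--ignore '*.yaml'` on the `test-rego` line needs a comment in the Makefile saying why it is there. `opa test` loads `.yaml` files found under `lib/` and `checks/` as data documents, so if this commit places the formatted examples as YAML next to the checks, the flag keeps them out of the test bundle, but that intent is not visible here and will be lost the next time someone edits the target. Please also confirm that no check depends on a YAML data file under `lib/` or `checks/` that this pattern now excludes.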
Expand Down Expand Up @@ -49,4 +49,8 @@ verify-bundle:
rm scripts/bundle.tar.gz

build-opa:
go build ./cmd/opa
go build ./cmd/opa

.PHONY: fmt-examples
fmt-examples:
go run ./cmd/fmt-examples
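Review bot: `fmt-examples` is declared `.PHONY` like the other targets, but `build-opa` directly above it still is not; while touching this block, add `.PHONY: build-opa` so a file of that name cannot mask the target. A check mode for `fmt-examples` (fail if the formatter would change anything) wired into CI would also stop the regenerated examples from drifting from the formatter's output.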
23 changes: 12 additions & 11 deletions avd_docs/aws/apigateway/AVD-AWS-0001/CloudFormation.md
Expand Up @@ -2,19 +2,20 @@
Enable logging for API Gateway stages

```yaml
AWSTemplateFormatVersion: 2010-09-09T00:00:00Z
AWSTemplateFormatVersion: "2010-09-09T00:00:00Z"
Description: Good Example of ApiGateway
Resources:
GoodApi:
Type: AWS::ApiGatewayV2::Api
GoodApiStage:
Properties:
AccessLogSettings:
DestinationArn: gateway-logging
Format: json
ApiId: GoodApi
StageName: GoodApiStage
Type: AWS::ApiGatewayV2::Stage
GoodApi:
Type: AWS::ApiGatewayV2::Api
GoodApiStage:
Properties:
AccessLogSettings:
DestinationArn: gateway-logging
Format: json
ApiId: GoodApi
StageName: GoodApiStage
Type: AWS::ApiGatewayV2::Stage

```


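Review bot: quoting `AWSTemplateFormatVersion: "2010-09-09T00:00:00Z"` preserves a wrong value rather than fixing it. The only template format version CloudFormation accepts is `2010-09-09`; the `T00:00:00Z` suffix is what a YAML loader produces when it parses the bare date as a timestamp and re-serialises it, so the formatter should emit `"2010-09-09"` (or the unquoted date) and this example should be corrected at the source. In the same lines, `ApiId: GoodApi` is a literal string rather than a reference to the `GoodApi` resource; a deployable example needs `!Ref GoodApi`.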
17 changes: 9 additions & 8 deletions avd_docs/aws/athena/AVD-AWS-0006/CloudFormation.md
Expand Up @@ -3,14 +3,15 @@ Enable encryption at rest for Athena databases and workgroup configurations

```yaml
Resources:
GoodExample:
Properties:
Name: goodExample
WorkGroupConfiguration:
ResultConfiguration:
EncryptionConfiguration:
EncryptionOption: SSE_KMS
Type: AWS::Athena::WorkGroup
GoodExample:
Properties:
Name: goodExample
WorkGroupConfiguration:
ResultConfiguration:
EncryptionConfiguration:
EncryptionOption: SSE_KMS
Type: AWS::Athena::WorkGroup

```


19 changes: 10 additions & 9 deletions avd_docs/aws/athena/AVD-AWS-0007/CloudFormation.md
Expand Up @@ -3,15 +3,16 @@ Enforce the configuration to prevent client overrides

```yaml
Resources:
GoodExample:
Properties:
Name: goodExample
WorkGroupConfiguration:
EnforceWorkGroupConfiguration: true
ResultConfiguration:
EncryptionConfiguration:
EncryptionOption: SSE_KMS
Type: AWS::Athena::WorkGroup
GoodExample:
Properties:
Name: goodExample
WorkGroupConfiguration:
EnforceWorkGroupConfiguration: true
ResultConfiguration:
EncryptionConfiguration:
EncryptionOption: SSE_KMS
Type: AWS::Athena::WorkGroup

```


27 changes: 14 additions & 13 deletions avd_docs/aws/cloudfront/AVD-AWS-0010/CloudFormation.md
Expand Up @@ -3,19 +3,20 @@ Enable logging for CloudFront distributions

```yaml
Resources:
GoodExample:
Properties:
DistributionConfig:
DefaultCacheBehavior:
TargetOriginId: target
ViewerProtocolPolicy: https-only
Enabled: true
Logging:
Bucket: logging-bucket
Origins:
- DomainName: https://some.domain
Id: somedomain1
Type: AWS::CloudFront::Distribution
GoodExample:
Properties:
DistributionConfig:
DefaultCacheBehavior:
TargetOriginId: target
ViewerProtocolPolicy: https-only
Enabled: true
Logging:
Bucket: logging-bucket
Origins:
- DomainName: https://some.domain
Id: somedomain1
Type: AWS::CloudFront::Distribution

```


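Review bot: `DomainName: https://some.domain` in the `Origins` entry is not a valid origin domain name, which must be a bare DNS hostname with no scheme; the example is reformatted here but would still fail to deploy. The same snippet is repeated in the AVD-AWS-0011, AVD-AWS-0012 and AVD-AWS-0013 examples below, so fix it once in the source before the formatter regenerates them.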
29 changes: 15 additions & 14 deletions avd_docs/aws/cloudfront/AVD-AWS-0011/CloudFormation.md
Expand Up @@ -3,20 +3,21 @@ Enable WAF for the CloudFront distribution

```yaml
Resources:
GoodExample:
Properties:
DistributionConfig:
DefaultCacheBehavior:
TargetOriginId: target
ViewerProtocolPolicy: https-only
Enabled: true
Logging:
Bucket: logging-bucket
Origins:
- DomainName: https://some.domain
Id: somedomain1
WebACLId: waf_id
Type: AWS::CloudFront::Distribution
GoodExample:
Properties:
DistributionConfig:
DefaultCacheBehavior:
TargetOriginId: target
ViewerProtocolPolicy: https-only
Enabled: true
Logging:
Bucket: logging-bucket
Origins:
- DomainName: https://some.domain
Id: somedomain1
WebACLId: waf_id
Type: AWS::CloudFront::Distribution

```


29 changes: 15 additions & 14 deletions avd_docs/aws/cloudfront/AVD-AWS-0012/CloudFormation.md
Expand Up @@ -3,20 +3,21 @@ Only allow HTTPS for CloudFront distribution communication

```yaml
Resources:
GoodExample:
Properties:
DistributionConfig:
DefaultCacheBehavior:
TargetOriginId: target
ViewerProtocolPolicy: https-only
Enabled: true
Logging:
Bucket: logging-bucket
Origins:
- DomainName: https://some.domain
Id: somedomain1
WebACLId: waf_id
Type: AWS::CloudFront::Distribution
GoodExample:
Properties:
DistributionConfig:
DefaultCacheBehavior:
TargetOriginId: target
ViewerProtocolPolicy: https-only
Enabled: true
Logging:
Bucket: logging-bucket
Origins:
- DomainName: https://some.domain
Id: somedomain1
WebACLId: waf_id
Type: AWS::CloudFront::Distribution

```


31 changes: 16 additions & 15 deletions avd_docs/aws/cloudfront/AVD-AWS-0013/CloudFormation.md
Expand Up @@ -3,21 +3,22 @@ Use the most modern TLS/SSL policies available

```yaml
Resources:
GoodExample:
Properties:
DistributionConfig:
DefaultCacheBehavior:
TargetOriginId: target
ViewerProtocolPolicy: https-only
Enabled: true
Logging:
Bucket: logging-bucket
Origins:
- DomainName: https://some.domain
Id: somedomain1
ViewerCertificate:
MinimumProtocolVersion: TLSv1.2_2021
Type: AWS::CloudFront::Distribution
GoodExample:
Properties:
DistributionConfig:
DefaultCacheBehavior:
TargetOriginId: target
ViewerProtocolPolicy: https-only
Enabled: true
Logging:
Bucket: logging-bucket
Origins:
- DomainName: https://some.domain
Id: somedomain1
ViewerCertificate:
MinimumProtocolVersion: TLSv1.2_2021
Type: AWS::CloudFront::Distribution

```


17 changes: 9 additions & 8 deletions avd_docs/aws/cloudtrail/AVD-AWS-0014/CloudFormation.md
Expand Up @@ -3,14 +3,15 @@ Enable Cloudtrail in all regions

```yaml
Resources:
GoodExample:
Properties:
IsLogging: true
IsMultiRegionTrail: true
S3BucketName: CloudtrailBucket
S3KeyPrefix: /trailing
TrailName: Cloudtrail
Type: AWS::CloudTrail::Trail
GoodExample:
Properties:
IsLogging: true
IsMultiRegionTrail: true
S3BucketName: CloudtrailBucket
S3KeyPrefix: /trailing
TrailName: Cloudtrail
Type: AWS::CloudTrail::Trail

```


19 changes: 10 additions & 9 deletions avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
Expand Up @@ -3,15 +3,16 @@ Use Customer managed key

```yaml
Resources:
GoodExample:
Properties:
IsLogging: true
IsMultiRegionTrail: true
KmsKeyId: alias/CloudtrailKey
S3BucketName: CloudtrailBucket
S3KeyPrefix: /trailing
TrailName: Cloudtrail
Type: AWS::CloudTrail::Trail
GoodExample:
Properties:
IsLogging: true
IsMultiRegionTrail: true
KmsKeyId: alias/CloudtrailKey
S3BucketName: CloudtrailBucket
S3KeyPrefix: /trailing
TrailName: Cloudtrail
Type: AWS::CloudTrail::Trail

```

#### Remediation Links
19 changes: 10 additions & 9 deletions avd_docs/aws/cloudtrail/AVD-AWS-0016/CloudFormation.md
Expand Up @@ -3,15 +3,16 @@ Turn on log validation for Cloudtrail

```yaml
Resources:
GoodExample:
Properties:
EnableLogFileValidation: true
IsLogging: true
IsMultiRegionTrail: true
S3BucketName: CloudtrailBucket
S3KeyPrefix: /trailing
TrailName: Cloudtrail
Type: AWS::CloudTrail::Trail
GoodExample:
Properties:
EnableLogFileValidation: true
IsLogging: true
IsMultiRegionTrail: true
S3BucketName: CloudtrailBucket
S3KeyPrefix: /trailing
TrailName: Cloudtrail
Type: AWS::CloudTrail::Trail

```


23 changes: 12 additions & 11 deletions avd_docs/aws/cloudtrail/AVD-AWS-0161/CloudFormation.md
Expand Up @@ -3,17 +3,18 @@ Restrict public access to the S3 bucket

```yaml
Resources:
GoodExampleBucket:
Properties:
AccessControl: Private
BucketName: my-bucket
Type: AWS::S3::Bucket
GoodExampleTrail:
Properties:
IsLogging: true
S3BucketName: my-bucket
TrailName: Cloudtrail
Type: AWS::CloudTrail::Trail
GoodExampleBucket:
Properties:
AccessControl: Private
BucketName: my-bucket
Type: AWS::S3::Bucket
GoodExampleTrail:
Properties:
IsLogging: true
S3BucketName: my-bucket
TrailName: Cloudtrail
Type: AWS::CloudTrail::Trail

```


11 changes: 6 additions & 5 deletions avd_docs/aws/cloudtrail/AVD-AWS-0162/CloudFormation.md
Expand Up @@ -3,11 +3,12 @@ Enable logging to CloudWatch

```yaml
Resources:
GoodExampleTrail:
Properties:
CloudWatchLogsLogGroupArn: arn:aws:logs:us-east-1:123456789012:log-group:CloudTrail/DefaultLogGroup:*
TrailName: Cloudtrail
Type: AWS::CloudTrail::Trail
GoodExampleTrail:
Properties:
CloudWatchLogsLogGroupArn: arn:aws:logs:us-east-1:123456789012:log-group:CloudTrail/DefaultLogGroup:*
TrailName: Cloudtrail
Type: AWS::CloudTrail::Trail

```


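Review bot: the reformatted trail is missing properties CloudFormation requires. `AWS::CloudTrail::Trail` needs `IsLogging` and `S3BucketName`, and `CloudWatchLogsLogGroupArn` must be paired with `CloudWatchLogsRoleArn` so CloudTrail has a role to assume when writing to the log group. Since CloudWatch delivery is the whole point of this check's example, add the role ARN and the two required properties so the "good" example actually validates.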
0 comments on commit 9c789af