Additional explanations are needed for the check items displayed in the Description of the WAFS Report and the Compliance Status.

[orangex2]

Pick a category [] New Checks/Rules [] New Services coverage [] UI improvement [] New Features (e.g: new parameter, new filter, new page) [*] Others...

Is your feature request related to a problem? Please describe.

NA

Describe the solution you'd like

Detailed descriptions of the check items displayed in the Description of the WAFS Report are needed. For the items that have not passed, additional explanations are provided as shown below. However, there are no additional explanations for the passed check items. Having detailed descriptions for all check items would make it easier to maintain and correct the WAFS status.

-- X [hasAlternateContact] - Configure AWS account contacts [GLOBAL]Account::Config

[Has 10 active dynamodb] >> ((nothing))

For the Compliance Status values, I am curious whether "Not available" means that it is not yet implemented and therefore not checked, or if it is not a check target and thus not inspected.

1. If it is assumed to be not implemented, is there a development schedule (roadmap) for this feature?
2. If it is not a check target, currently the check items are not displayed in the "Description." If there is a checklist, can it be displayed on the Report page?

Describe alternatives you've considered

NA

Additional context

NA

[kuettai]

Hey thank you for reaching out.

There are some design consideration involve when we decide this. I try to walk you through.

1/ ServiceScreener, as the name, the idea is screen through service by service. To keep thing clean, we only added 'references' to the Framework Page, you may find the related 'checks' detail in the WAFS (framework) can be found under the service.

2/ X [hasAlternateContact], the "X" indicates that you account does not fulfill the requirement. This 'check' detail can be found under IAM => HasAlternateContact.

3/ [GLOBAL]Account::Config indicates that you fulfil the requirement. It means you have AWS Config enabled.

4/ [Has 10 active dynamodb] >> ((nothing)): This is related to SEC06-BP03, Implement managed services. If you are using any of the AWS managed services, it will shows which services and how many of them.

5/ "Not available" can have 2 meanings. [A] it is not related to AWS configuration, likely company process related. E.g: SEC01-BP04 Keep up-to-date with with security threats is to ensure the team has the process to keeping themselves up-to-date with security threats information. [B] it is not implement yet, and likely not going to implement unless there is a demand. Reason: We want to prioritise in implementing checks which are used by many users or has prior incidents happen due to that misconfiguration. Encourage you to continue to raise feedback via github channel here. In short, it is more likely due to reason [A]

I observed that many partners and AWS team uses Service Screener (SS)-WAFS as a references document when perform the AWS Well Architected (WA) Review. Inside AWS-WA, it has it own guideline. SS-WAFS do not want to duplicate the work of keeping up-to-date on the description and guidance. We should maintain single-source-of-reference inside AWS WA Tool