search

cds-snc / url-shortener

An API written in Python that shortens URLs
MIT License
4 stars 1 forks source link

Adding additional rules for exclusion #307

Closed sylviamclaughlin closed 1 year ago

sylviamclaughlin commented 1 year ago

Summary | Résumé

Adding additional rules to exclude from the rule set:

  1. SnsEncryptedKms (sns-encrypted-kms) and can be excluded since encryption at rest not required for Alarm topic
  2. LambdaInsideVpc - (lambda-inside-vpc) . The lambdas that don't comply with this rule are all org level functions. Screen Shot 2023-04-25 at 7 55 19 AM
github-actions[bot] commented 1 year ago

Staging: conformance_pack

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

⚠️   Warning: resources will be destroyed by this change!

Plan: 1 to add, 1 to change, 1 to destroy
Show summary | CHANGE | NAME | |----------|----------------------------------------------------------------------------| | recreate | `module.conformance_pack.aws_config_conformance_pack.cds_conformance_pack` | | update | `module.conformance_pack.aws_s3_object.conformace_pack_yaml` |

✂   Warning: plan has been truncated! See the full plan in the logs.

Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place -/+ destroy and then create replacement Terraform will perform the following actions: # module.conformance_pack.aws_config_conformance_pack.cds_conformance_pack will be replaced due to changes in replace_triggered_by -/+ resource "aws_config_conformance_pack" "cds_conformance_pack" { ~ arn = "arn:aws:config:ca-central-1:843973686572:conformance-pack/CDS-Conformance-Pack/conformance-pack-x1jpsexin" -> (known after apply) ~ id = "CDS-Conformance-Pack" -> (known after apply) name = "CDS-Conformance-Pack" # (1 unchanged attribute hidden) # (25 unchanged blocks hidden) } # module.conformance_pack.aws_s3_object.conformace_pack_yaml will be updated in-place ~ resource "aws_s3_object" "conformace_pack_yaml" { ~ content = <<-EOT "Conditions": "accessKeysRotatedParamMaxAccessKeyAge": "Fn::Not": - "Fn::Equals": - "" - "Ref": "AccessKeysRotatedParamMaxAccessKeyAge" "cloudwatchAlarmActionCheckParamAlarmActionRequired": "Fn::Not": - "Fn::Equals": - "" - "Ref": "CloudwatchAlarmActionCheckParamAlarmActionRequired" "cloudwatchAlarmActionCheckParamInsufficientDataActionRequired": "Fn::Not": - "Fn::Equals": - "" - "Ref": "CloudwatchAlarmActionCheckParamInsufficientDataActionRequired" "cloudwatchAlarmActionCheckParamOkActionRequired": "Fn::Not": - "Fn::Equals": - "" - "Ref": "CloudwatchAlarmActionCheckParamOkActionRequired" "elbPredefinedSecurityPolicySslCheckParamPredefinedPolicyName": "Fn::Not": - "Fn::Equals": - "" - "Ref": "ElbPredefinedSecurityPolicySslCheckParamPredefinedPolicyName" "iamCustomerPolicyBlockedKmsActionsParamBlockedActionsPatterns": "Fn::Not": - "Fn::Equals": - "" - "Ref": "IamCustomerPolicyBlockedKmsActionsParamBlockedActionsPatterns" "iamInlinePolicyBlockedKmsActionsParamBlockedActionsPatterns": "Fn::Not": - "Fn::Equals": - "" - "Ref": "IamInlinePolicyBlockedKmsActionsParamBlockedActionsPatterns" "iamPasswordPolicyParamMaxPasswordAge": "Fn::Not": - "Fn::Equals": - "" - "Ref": "IamPasswordPolicyParamMaxPasswordAge" "iamPasswordPolicyParamMinimumPasswordLength": "Fn::Not": - "Fn::Equals": - "" - "Ref": "IamPasswordPolicyParamMinimumPasswordLength" "iamPasswordPolicyParamPasswordReusePrevention": "Fn::Not": - "Fn::Equals": - "" - "Ref": "IamPasswordPolicyParamPasswordReusePrevention" "iamPasswordPolicyParamRequireLowercaseCharacters": "Fn::Not": - "Fn::Equals": - "" - "Ref": "IamPasswordPolicyParamRequireLowercaseCharacters" "iamPasswordPolicyParamRequireNumbers": "Fn::Not": - "Fn::Equals": - "" - "Ref": "IamPasswordPolicyParamRequireNumbers" "iamPasswordPolicyParamRequireSymbols": "Fn::Not": - "Fn::Equals": - "" - "Ref": "IamPasswordPolicyParamRequireSymbols" "iamPasswordPolicyParamRequireUppercaseCharacters": "Fn::Not": - "Fn::Equals": - "" - "Ref": "IamPasswordPolicyParamRequireUppercaseCharacters" "iamUserUnusedCredentialsCheckParamMaxCredentialUsageAge": "Fn::Not": - "Fn::Equals": - "" - "Ref": "IamUserUnusedCredentialsCheckParamMaxCredentialUsageAge" "internetGatewayAuthorizedVpcOnlyParamAuthorizedVpcIds": "Fn::Not": - "Fn::Equals": - "" - "Ref": "InternetGatewayAuthorizedVpcOnlyParamAuthorizedVpcIds" "redshiftClusterConfigurationCheckParamClusterDbEncrypted": "Fn::Not": - "Fn::Equals": - "" - "Ref": "RedshiftClusterConfigurationCheckParamClusterDbEncrypted" "redshiftClusterConfigurationCheckParamLoggingEnabled": "Fn::Not": - "Fn::Equals": - "" - "Ref": "RedshiftClusterConfigurationCheckParamLoggingEnabled" "redshiftClusterMaintenancesettingsCheckParamAllowVersionUpgrade": "Fn::Not": - "Fn::Equals": - "" - "Ref": "RedshiftClusterMaintenancesettingsCheckParamAllowVersionUpgrade" "restrictedIncomingTrafficParamBlockedPort1": "Fn::Not": - "Fn::Equals": - "" - "Ref": "RestrictedIncomingTrafficParamBlockedPort1" "restrictedIncomingTrafficParamBlockedPort2": "Fn::Not": - "Fn::Equals": - "" - "Ref": "RestrictedIncomingTrafficParamBlockedPort2" "restrictedIncomingTrafficParamBlockedPort3": "Fn::Not": - "Fn::Equals": - "" - "Ref": "RestrictedIncomingTrafficParamBlockedPort3" "restrictedIncomingTrafficParamBlockedPort4": "Fn::Not": - "Fn::Equals": - "" - "Ref": "RestrictedIncomingTrafficParamBlockedPort4" "restrictedIncomingTrafficParamBlockedPort5": "Fn::Not": - "Fn::Equals": - "" - "Ref": "RestrictedIncomingTrafficParamBlockedPort5" "vpcSgOpenOnlyToAuthorizedPortsParamAuthorizedTcpPorts": "Fn::Not": - "Fn::Equals": - "" - "Ref": "VpcSgOpenOnlyToAuthorizedPortsParamAuthorizedTcpPorts" "Parameters": "AccessKeysRotatedParamMaxAccessKeyAge": "Default": "90" "Type": "String" "CloudwatchAlarmActionCheckParamAlarmActionRequired": "Default": "true" "Type": "String" "CloudwatchAlarmActionCheckParamInsufficientDataActionRequired": "Default": "true" "Type": "String" "CloudwatchAlarmActionCheckParamOkActionRequired": "Default": "false" "Type": "String" "ElbPredefinedSecurityPolicySslCheckParamPredefinedPolicyName": "Default": "TLS-1-2-2017-01" "Type": "String" "IamCustomerPolicyBlockedKmsActionsParamBlockedActionsPatterns": "Default": "kms:*, kms:Decrypt, kms:ReEncrypt*" "Type": "String" "IamInlinePolicyBlockedKmsActionsParamBlockedActionsPatterns": "Default": "kms:*, kms:Decrypt, kms:ReEncrypt*" "Type": "String" "IamPasswordPolicyParamMaxPasswordAge": "Default": "90" "Type": "String" "IamPasswordPolicyParamMinimumPasswordLength": "Default": "14" "Type": "String" "IamPasswordPolicyParamPasswordReusePrevention": "Default": "24" "Type": "String" "IamPasswordPolicyParamRequireLowercaseCharacters": "Default": "true" "Type": "String" "IamPasswordPolicyParamRequireNumbers": "Default": "true" "Type": "String" "IamPasswordPolicyParamRequireSymbols": "Default": "true" "Type": "String" "IamPasswordPolicyParamRequireUppercaseCharacters": "Default": "true" "Type": "String" "IamUserUnusedCredentialsCheckParamMaxCredentialUsageAge": "Default": "90" "Type": "String" "InternetGatewayAuthorizedVpcOnlyParamAuthorizedVpcIds": "Default": "here add Comma-separated list of the authorized VPC IDs" "Type": "String" "RedshiftClusterConfigurationCheckParamClusterDbEncrypted": "Default": "true" "Type": "String" "RedshiftClusterConfigurationCheckParamLoggingEnabled": "Default": "true" "Type": "String" "RedshiftClusterMaintenancesettingsCheckParamAllowVersionUpgrade": "Default": "true" "Type": "String" "RestrictedIncomingTrafficParamBlockedPort1": "Default": "20" "Type": "String" "RestrictedIncomingTrafficParamBlockedPort2": "Default": "21" "Type": "String" "RestrictedIncomingTrafficParamBlockedPort3": "Default": "3389" "Type": "String" "RestrictedIncomingTrafficParamBlockedPort4": "Default": "3306" "Type": "String" "RestrictedIncomingTrafficParamBlockedPort5": "Default": "4333" "Type": "String" "VpcSgOpenOnlyToAuthorizedPortsParamAuthorizedTcpPorts": "Default": "443" "Type": "String" "Resources": "AccessKeysRotated": "Properties": "ConfigRuleName": "access-keys-rotated" "InputParameters": "maxAccessKeyAge": "Fn::If": - "accessKeysRotatedParamMaxAccessKeyAge" - "Ref": "AccessKeysRotatedParamMaxAccessKeyAge" - "Ref": "AWS::NoValue" "Source": "Owner": "AWS" "SourceIdentifier": "ACCESS_KEYS_ROTATED" "Type": "AWS::Config::ConfigRule" "AlbHttpToHttpsRedirectionCheck": "Properties": "ConfigRuleName": "alb-http-to-https-redirection-check" "Source": "Owner": "AWS" "SourceIdentifier": "ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK" "Type": "AWS::Config::ConfigRule" "AlbWafEnabled": "Properties": "ConfigRuleName": "alb-waf-enabled" "Scope": "ComplianceResourceTypes": - "AWS::ElasticLoadBalancingV2::LoadBalancer" "Source": "Owner": "AWS" "SourceIdentifier": "ALB_WAF_ENABLED" "Type": "AWS::Config::ConfigRule" "ApiGwExecutionLoggingEnabled": "Properties": "ConfigRuleName": "api-gw-execution-logging-enabled" "Scope": "ComplianceResourceTypes": - "AWS::ApiGateway::Stage" - "AWS::ApiGatewayV2::Stage" "Source": "Owner": "AWS" "SourceIdentifier": "API_GW_EXECUTION_LOGGING_ENABLED" "Type": "AWS::Config::ConfigRule" "ApiGwSslEnabled": "Properties": "ConfigRuleName": "api-gw-ssl-enabled" "Scope": "ComplianceResourceTypes": - "AWS::ApiGateway::Stage" "Source": "Owner": "AWS" "SourceIdentifier": "API_GW_SSL_ENABLED" "Type": "AWS::Config::ConfigRule" "ApiGwXrayEnabled": "Properties": "ConfigRuleName": "api-gw-xray-enabled" "Scope": "ComplianceResourceTypes": - "AWS::ApiGateway::Stage" "Source": "Owner": "AWS" "SourceIdentifier": "API_GW_XRAY_ENABLED" "Type": "AWS::Config::ConfigRule" "AuroraResourcesProtectedByBackupPlan": "Properties": "ConfigRuleName": "aurora-resources-protected-by-backup-plan" "Scope": "ComplianceResourceTypes": - "AWS::RDS::DBCluster" "Source": "Owner": "AWS" "SourceIdentifier": "AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN" "Type": "AWS::Config::ConfigRule" "AutoscalingGroupElbHealthcheckRequired": "Properties": "ConfigRuleName": "autoscaling-group-elb-healthcheck-required" "Scope": "ComplianceResourceTypes": - "AWS::AutoScaling::AutoScalingGroup" "Source": "Owner": "AWS" "SourceIdentifier": "AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED" "Type": "AWS::Config::ConfigRule" "BackupPlanMinFrequencyAndMinRetentionCheck": "Properties": "ConfigRuleName": "backup-plan-min-frequency-and-min-retention-check" "Scope": "ComplianceResourceTypes": - "AWS::Backup::BackupPlan" "Source": "Owner": "AWS" "SourceIdentifier": "BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK" "Type": "AWS::Config::ConfigRule" "BackupRecoveryPointEncrypted": "Properties": "ConfigRuleName": "backup-recovery-point-encrypted" "Scope": "ComplianceResourceTypes": - "AWS::Backup::RecoveryPoint" "Source": "Owner": "AWS" "SourceIdentifier": "BACKUP_RECOVERY_POINT_ENCRYPTED" "Type": "AWS::Config::ConfigRule" "BackupRecoveryPointManualDeletionDisabled": "Properties": "ConfigRuleName": "backup-recovery-point-manual-deletion-disabled" "Scope": "ComplianceResourceTypes": - "AWS::Backup::BackupVault" "Source": "Owner": "AWS" "SourceIdentifier": "BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED" "Type": "AWS::Config::ConfigRule" "BackupRecoveryPointMinimumRetentionCheck": "Properties": "ConfigRuleName": "backup-recovery-point-minimum-retention-check" "Scope": "ComplianceResourceTypes": - "AWS::Backup::RecoveryPoint" "Source": "Owner": "AWS" "SourceIdentifier": "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK" "Type": "AWS::Config::ConfigRule" "BeanstalkEnhancedHealthReportingEnabled": "Properties": "ConfigRuleName": "beanstalk-enhanced-health-reporting-enabled" "Scope": "ComplianceResourceTypes": - "AWS::ElasticBeanstalk::Environment" "Source": "Owner": "AWS" "SourceIdentifier": "BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED" "Type": "AWS::Config::ConfigRule" "CloudTrailEnabled": "Properties": "ConfigRuleName": "cloudtrail-enabled" "Source": "Owner": "AWS" "SourceIdentifier": "CLOUD_TRAIL_ENABLED" "Type": "AWS::Config::ConfigRule" "CloudTrailLogFileValidationEnabled": "Properties": "ConfigRuleName": "cloud-trail-log-file-validation-enabled" "Source": "Owner": "AWS" "SourceIdentifier": "CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED" "Type": "AWS::Config::ConfigRule" "CloudtrailS3DataeventsEnabled": "Properties": "ConfigRuleName": "cloudtrail-s3-dataevents-enabled" "Source": "Owner": "AWS" "SourceIdentifier": "CLOUDTRAIL_S3_DATAEVENTS_ENABLED" "Type": "AWS::Config::ConfigRule" "CloudwatchAlarmActionCheck": "Properties": "ConfigRuleName": "cloudwatch-alarm-action-check" "InputParameters": "alarmActionRequired": "Fn::If": - "cloudwatchAlarmActionCheckParamAlarmActionRequired" - "Ref": "CloudwatchAlarmActionCheckParamAlarmActionRequired" - "Ref": "AWS::NoValue" "insufficientDataActionRequired": "Fn::If": - "cloudwatchAlarmActionCheckParamInsufficientDataActionRequired" - "Ref": "CloudwatchAlarmActionCheckParamInsufficientDataActionRequired" - "Ref": "AWS::NoValue" "okActionRequired": "Fn::If": - "cloudwatchAlarmActionCheckParamOkActionRequired" - "Ref": "CloudwatchAlarmActionCheckParamOkActionRequired" - "Ref": "AWS::NoValue" "Scope": "ComplianceResourceTypes": - "AWS::CloudWatch::Alarm" "Source": "Owner": "AWS" "SourceIdentifier": "CLOUDWATCH_ALARM_ACTION_CHECK" "Type": "AWS::Config::ConfigRule" "CmkBackingKeyRotationEnabled": "Properties": "ConfigRuleName": "cmk-backing-key-rotation-enabled" "Source": "Owner": "AWS" "SourceIdentifier": "CMK_BACKING_KEY_ROTATION_ENABLED" "Type": "AWS::Config::ConfigRule" "CwLoggroupRetentionPeriodCheck": "Properties": "ConfigRuleName": "cw-loggroup-retention-period-check" "Source": "Owner": "AWS" "SourceIdentifier": "CW_LOGGROUP_RETENTION_PERIOD_CHECK" "Type": "AWS::Config::ConfigRule" "DbInstanceBackupEnabled": "Properties": "ConfigRuleName": "db-instance-backup-enabled" "Scope": "ComplianceResourceTypes": - "AWS::RDS::DBInstance" "Source": "Owner": "AWS" "SourceIdentifier": "DB_INSTANCE_BACKUP_ENABLED" "Type": "AWS::Config::ConfigRule" "DmsReplicationNotPublic": "Properties": "ConfigRuleName": "dms-replication-not-public" "Scope": "ComplianceResourceTypes": [] "Source": "Owner": "AWS" "SourceIdentifier": "DMS_REPLICATION_NOT_PUBLIC" "Type": "AWS::Config::ConfigRule" "DynamodbAutoscalingEnabled": "Properties": "ConfigRuleName": "dynamodb-autoscaling-enabled" "Scope": "ComplianceResourceTypes": - "AWS::DynamoDB::Table" "Source": "Owner": "AWS" "SourceIdentifier": "DYNAMODB_AUTOSCALING_ENABLED" "Type": "AWS::Config::ConfigRule" "DynamodbPitrEnabled": "Properties": "ConfigRuleName": "dynamodb-pitr-enabled" "Scope": "ComplianceResourceTypes": - "AWS::DynamoDB::Table" "Source": "Owner": "AWS" "SourceIdentifier": "DYNAMODB_PITR_ENABLED" "Type": "AWS::Config::ConfigRule" "DynamodbResourcesProtectedByBackupPlan": "Properties": "ConfigRuleName": "dynamodb-resources-protected-by-backup-plan" "Scope": "ComplianceResourceTypes": - "AWS::DynamoDB::Table" "Source": "Owner": "AWS" "SourceIdentifier": "DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN" "Type": "AWS::Config::ConfigRule" "DynamodbThroughputLimitCheck": "Properties": "ConfigRuleName": "dynamodb-throughput-limit-check" "Source": "Owner": "AWS" "SourceIdentifier": "DYNAMODB_THROUGHPUT_LIMIT_CHECK" "Type": "AWS::Config::ConfigRule" "EbsOptimizedInstance": "Properties": "ConfigRuleName": "ebs-optimized-instance" "Scope": "ComplianceResourceTypes": - "AWS::EC2::Instance" "Source": "Owner": "AWS" "SourceIdentifier": "EBS_OPTIMIZED_INSTANCE" "Type": "AWS::Config::ConfigRule" "EbsResourcesProtectedByBackupPlan": "Properties": "ConfigRuleName": "ebs-resources-protected-by-backup-plan" "Scope": "ComplianceResourceTypes": - "AWS::EC2::Volume" "Source": "Owner": "AWS" "SourceIdentifier": "EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN" "Type": "AWS::Config::ConfigRule" "EbsSnapshotPublicRestorableCheck": "Properties": "ConfigRuleName": "ebs-snapshot-public-restorable-check" "Source": "Owner": "AWS" "SourceIdentifier": "EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK" "Type": "AWS::Config::ConfigRule" "Ec2EbsEncryptionByDefault": "Properties": "ConfigRuleName": "ec2-ebs-encryption-by-default" "Source": "Owner": "AWS" "SourceIdentifier": "EC2_EBS_ENCRYPTION_BY_DEFAULT" "Type": "AWS::Config::ConfigRule" "Ec2Imdsv2Check": "Properties": "ConfigRuleName": "ec2-imdsv2-check" "Scope": "ComplianceResourceTypes": - "AWS::EC2::Instance" "Source": "Owner": "AWS" "SourceIdentifier": "EC2_IMDSV2_CHECK" "Type": "AWS::Config::ConfigRule" "Ec2InstanceDetailedMonitoringEnabled": "Properties": "ConfigRuleName": "ec2-instance-detailed-monitoring-enabled" "Scope": "ComplianceResourceTypes": - "AWS::EC2::Instance" "Source": "Owner": "AWS" "SourceIdentifier": "EC2_INSTANCE_DETAILED_MONITORING_ENABLED" "Type": "AWS::Config::ConfigRule" "Ec2InstanceManagedBySsm": "Properties": "ConfigRuleName": "ec2-instance-managed-by-systems-manager" "Scope": "ComplianceResourceTypes": - "AWS::EC2::Instance" - "AWS::SSM::ManagedInstanceInventory" "Source": "Owner": "AWS" "SourceIdentifier": "EC2_INSTANCE_MANAGED_BY_SSM" "Type": "AWS::Config::ConfigRule" "Ec2InstanceNoPublicIp": "Properties": "ConfigRuleName": "ec2-instance-no-public-ip" "Scope": "ComplianceResourceTypes": - "AWS::EC2::Instance" "Source": "Owner": "AWS" "SourceIdentifier": "EC2_INSTANCE_NO_PUBLIC_IP" "Type": "AWS::Config::ConfigRule" "Ec2ManagedinstanceAssociationComplianceStatusCheck": "Properties": "ConfigRuleName": "ec2-managedinstance-association-compliance-status-check" "Scope": "ComplianceResourceTypes": - "AWS::SSM::AssociationCompliance" "Source": "Owner": "AWS" "SourceIdentifier": "EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK" "Type": "AWS::Config::ConfigRule" "Ec2ManagedinstancePatchComplianceStatusCheck": "Properties": "ConfigRuleName": "ec2-managedinstance-patch-compliance-status-check" "Scope": "ComplianceResourceTypes": - "AWS::SSM::PatchCompliance" "Source": "Owner": "AWS" "SourceIdentifier": "EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK" "Type": "AWS::Config::ConfigRule" "Ec2ResourcesProtectedByBackupPlan": "Properties": "ConfigRuleName": "ec2-resources-protected-by-backup-plan" "Scope": "ComplianceResourceTypes": - "AWS::EC2::Instance" "Source": "Owner": "AWS" "SourceIdentifier": "EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN" "Type": "AWS::Config::ConfigRule" "Ec2StoppedInstance": "Properties": "ConfigRuleName": "ec2-stopped-instance" "Source": "Owner": "AWS" "SourceIdentifier": "EC2_STOPPED_INSTANCE" "Type": "AWS::Config::ConfigRule" "Ec2VolumeInuseCheck": "Properties": "ConfigRuleName": "ec2-volume-inuse-check" "Scope": "ComplianceResourceTypes": - "AWS::EC2::Volume" "Source": "Owner": "AWS" "SourceIdentifier": "EC2_VOLUME_INUSE_CHECK" "Type": "AWS::Config::ConfigRule" "EcsTaskDefinitionUserForHostModeCheck": "Properties": "ConfigRuleName": "ecs-task-definition-user-for-host-mode-check" "Scope": "ComplianceResourceTypes": - "AWS::ECS::TaskDefinition" "Source": "Owner": "AWS" "SourceIdentifier": "ECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECK" "Type": "AWS::Config::ConfigRule" "EfsEncryptedCheck": "Properties": "ConfigRuleName": "efs-encrypted-check" "Source": "Owner": "AWS" "SourceIdentifier": "EFS_ENCRYPTED_CHECK" "Type": "AWS::Config::ConfigRule" "EfsResourcesProtectedByBackupPlan": "Properties": "ConfigRuleName": "efs-resources-protected-by-backup-plan" "Scope": "ComplianceResourceTypes": - "AWS::EFS::FileSystem" "Source": "Owner": "AWS" "SourceIdentifier": "EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN" "Type": "AWS::Config::ConfigRule" "EipAttached": "Properties": "ConfigRuleName": "eip-attached" "Scope": "ComplianceResourceTypes": - "AWS::EC2::EIP" "Source": "Owner": "AWS" "SourceIdentifier": "EIP_ATTACHED" "Type": "AWS::Config::ConfigRule" "ElasticBeanstalkManagedUpdatesEnabled": "Properties": "ConfigRuleName": "elastic-beanstalk-managed-updates-enabled" "Scope": "ComplianceResourceTypes": - "AWS::ElasticBeanstalk::Environment" "Source": "Owner": "AWS" "SourceIdentifier": "ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED" "Type": "AWS::Config::ConfigRule" "ElasticacheRedisClusterAutomaticBackupCheck": "Properties": "ConfigRuleName": "elasticache-redis-cluster-automatic-backup-check" "Source": "Owner": "AWS" "SourceIdentifier": "ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK" "Type": "AWS::Config::ConfigRule" "ElasticsearchEncryptedAtRest": "Properties": ... ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["module.conformance_pack.aws_s3_object.conformace_pack_yaml"] 18 tests, 17 passed, 1 warning, 0 failures, 0 exceptions ```