Check Error: Post https://sts.ap-south-1.aliyuncs.com/?AccessKeyId= for alicloud_oss_bucket

[rajlearner17]

Describe the bug select * from alicloud_oss_bucket renders result, however the query below results authentication ERROR

select            
      arn as resource,
      case
        when lifecycle_rules is null then 'alarm'
        when lifecycle_rules @> '[{"Status":"Enabled"}]' then 'ok'
        else 'alarm'
      end as status,
      case
        when lifecycle_rules is null then title || ' has no lifecycle policy.'
        when lifecycle_rules @> '[{"Status":"Enabled"}]' then title || ' has lifecycle policy.'
        else title || ' has disabled lifecycle policy.'
      end as reason,
      region,
      account_id
    from
      alicloud_oss_bucket;

Error: Post "https://sts.ap-south-1.aliyuncs.com/?AccessKeyId=XzR2kNmP....

Steampipe version (steampipe -v) Example: v0.3.0

Plugin version (steampipe plugin list) Example: v0.5.0

To reproduce Steps to reproduce the behavior (please include relevant code and/or commands).

Expected behavior A clear and concise description of what you expected to happen.

Additional context Add any other context about the problem here.

[ParthaI]

We are unable to reproduce the error providing the run details below

~/steam-pipe/alicloud-complaince (main) ⏩  steampipe check all

Alibaba Cloud Compliance ......................................................................................................................................................... 95 / 184 [==========]
| 
+ CIS v1.0.0 ..................................................................................................................................................................... 95 / 184 [==========]
  | 
  + 1 Identity and Access Management ............................................................................................................................................. 42 /  65 [====      ]
  | | 
  | + 1.1 Avoid the use of the 'root' account ....................................................................................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: SDKError:
   Code: Expired.CredentialReport
   Message: code: 410, The credential report has been expired. request id: 34177AB9-1736-5752-B1CD-126EACD5AF8D
   Data: {"Code":"Expired.CredentialReport","HostId":"ims.aliyuncs.com","Message":"The credential report has been expired.","Recommend":"https://error-center.aliyun.com/status/search?Key…
  | | 
  | + 1.2 Ensure no root account access key exists ...............................................................................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: SDKError:
   Code: Expired.CredentialReport
   Message: code: 410, The credential report has been expired. request id: AE18B229-0647-5D72-9D34-67B8E4683B2A
   Data: {"Code":"Expired.CredentialReport","HostId":"ims.aliyuncs.com","Message":"The credential report has been expired.","Recommend":"https://error-center.aliyun.com/status/search?Key…
  | | 
  | + 1.3 Ensure MFA is enabled for the 'root' account ...........................................................................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: SDKError:
   Code: Expired.CredentialReport
   Message: code: 410, The credential report has been expired. request id: 9CAE4E45-CC93-55DB-85BF-5E3BED04C287
   Data: {"Code":"Expired.CredentialReport","HostId":"ims.aliyuncs.com","Message":"The credential report has been expired.","Recommend":"https://error-center.aliyun.com/status/search?Key…
  | | 
  | + 1.4 Ensure that multi-factor authentication is enabled for all RAM users that have a console password ......................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: SDKError:
   Code: Expired.CredentialReport
   Message: code: 410, The credential report has been expired. request id: 621CC2B9-29D5-5391-9D9D-5EEEDED7BF97
   Data: {"Code":"Expired.CredentialReport","HostId":"ims.aliyuncs.com","Message":"The credential report has been expired.","Recommend":"https://error-center.aliyun.com/status/search?Key…
  | | 
  | + 1.5 Ensure users not logged on for 90 days or longer are disabled for console logon ........................................................................................ 11 /  19 [==        ]
  | | | 
  | | OK   : debu logged in 15 days ago. .............................................................................................................................................. 5982111499156037
  | | ALARM: john logged in 126 days ago. ............................................................................................................................................. 5982111499156037
  | | ALARM: oscar never logged in. ................................................................................................................................................... 5982111499156037
  | | OK   : rajeshbal logged in 16 days ago. ......................................................................................................................................... 5982111499156037
  | | OK   : partha logged in 1 days ago. ............................................................................................................................................. 5982111499156037
  | | OK   : lalit logged in 24 days ago. ............................................................................................................................................. 5982111499156037
  | | OK   : khushboo logged in 28 days ago. .......................................................................................................................................... 5982111499156037
  | | OK   : sourav logged in 1 days ago. ............................................................................................................................................. 5982111499156037
  | | ALARM: david logged in 126 days ago. ............................................................................................................................................ 5982111499156037
  | | ALARM: pam never logged in. ..................................................................................................................................................... 5982111499156037
  | | ALARM: dwight never logged in. .................................................................................................................................................. 5982111499156037
  | | ALARM: cisuser never logged in. ................................................................................................................................................. 5982111499156037
  | | OK   : subhajit logged in 7 days ago. ........................................................................................................................................... 5982111499156037
  | | ALARM: cody logged in 126 days ago. ............................................................................................................................................. 5982111499156037
  | | ALARM: michael never logged in. ................................................................................................................................................. 5982111499156037
  | | ALARM: kevin never logged in. ................................................................................................................................................... 5982111499156037
  | | OK   : raj logged in 14 days ago. ............................................................................................................................................... 5982111499156037
  | | ALARM: jim never logged in. ..................................................................................................................................................... 5982111499156037
  | | ALARM: nw-steampipe never logged in. ............................................................................................................................................ 5982111499156037
  | | 
  | + 1.6 Ensure access keys are rotated every 90 days or less ................................................................................................................... 14 /  19 [==        ]
  | | | 
  | | OK   : partha LTAI5tJ24Hu51Y2UCLsyDt1u created 01-Jun-2021 (66 days). ........................................................................................................... 5982111499156037
  | | ALARM: david LTAI5tL5AHdDuaVKQrR4jfhZ created 01-Apr-2021 (126 days). ........................................................................................................... 5982111499156037
  | | OK   : debu LTAI5tQmMTfSx9pg89kNcXzn created 05-Jul-2021 (31 days). ............................................................................................................. 5982111499156037
  | | OK   : cody LTAI5tCZ2c7USv4BxHUkqYLm created 19-Jul-2021 (17 days). ............................................................................................................. 5982111499156037
  | | ALARM: subhajit LTAI4G1q1KCF934zSvH4WNCD created 19-Feb-2021 (167 days). ........................................................................................................ 5982111499156037
  | | ALARM: dwight LTAI4FyxySVqXLsXNTJ8svo9 created 27-Jan-2021 (191 days). .......................................................................................................... 5982111499156037
  | | ALARM: rajeshbal LTAI4G5FDM8JYkJkUfUvJ8pB created 18-Feb-2021 (169 days). ....................................................................................................... 5982111499156037
  | | OK   : khushboo LTAI5tE6NLzZDqPoNMS1c4i7 created 09-Jun-2021 (58 days). ......................................................................................................... 5982111499156037
  | | OK   : sourav LTAI5tQyR5XwQXdaXx8KcUSV created 07-Jul-2021 (30 days). ........................................................................................................... 5982111499156037
  | | ALARM: pam LTAI4GHBBV1s8w5Kk3Jex3H8 created 27-Jan-2021 (191 days). ............................................................................................................. 5982111499156037
  | | ALARM: kevin LTAI4GDtxHE67g2UujBMTUqp created 27-Jan-2021 (191 days). ........................................................................................................... 5982111499156037
  | | ALARM: lalit LTAI4GC5FPDVXYns4VHjzoTp created 23-Feb-2021 (164 days). ........................................................................................................... 5982111499156037
  | | ALARM: michael LTAI4GG37PzvtqL8rgogq1An created 27-Jan-2021 (191 days). ......................................................................................................... 5982111499156037
  | | ALARM: oscar LTAI4GD8KPPL6N3LZ5fZ1Pyx created 27-Jan-2021 (191 days). ........................................................................................................... 5982111499156037
  | | ALARM: raj LTAI4G3iPoXzR2kNmP89SV2X created 11-Mar-2021 (148 days). ............................................................................................................. 5982111499156037
  | | ALARM: john LTAI4GBVEshZAjTFNf4ezv66 created 23-Feb-2021 (163 days). ............................................................................................................ 5982111499156037
  | | ALARM: john LTAI4G6DoDr1V1QxPeTnTqto created 25-Feb-2021 (162 days). ............................................................................................................ 5982111499156037
  | | ALARM: jim LTAI4GALdnJDMGQdpxPwXkn3 created 27-Jan-2021 (191 days). ............................................................................................................. 5982111499156037
  | | ALARM: nw-steampipe LTAI4GBwJQnMs697GDp2GASK created 24-Jan-2021 (193 days). .................................................................................................... 5982111499156037
  | | 
  | + 1.7 Ensure RAM password policy requires at least one uppercase letter ......................................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: Uppercase character not required. ........................................................................................................................................ 5982111499156037
  | | 
  | + 1.8 Ensure RAM password policy requires at least one lowercase letter ......................................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: Lowercase character not required. ........................................................................................................................................ 5982111499156037
  | | 
  | + 1.9 Ensure RAM password policy require at least one symbol .................................................................................................................  0 /   1 [=         ]
  | | | 
  | | OK   : Symbol required. ......................................................................................................................................................... 5982111499156037
  | | 
  | + 1.10 Ensure RAM password policy require at least one number ................................................................................................................  0 /   1 [=         ]
  | | | 
  | | OK   : Number required. ......................................................................................................................................................... 5982111499156037
  | | 
  | + 1.11 Ensure RAM password policy requires minimum length of 14 or greater ...................................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: Minimum password length set to 8. ........................................................................................................................................ 5982111499156037
  | | 
  | + 1.12 Ensure RAM password policy prevents password reuse ....................................................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: Password reuse prevention set to 6. ...................................................................................................................................... 5982111499156037
  | | 
  | + 1.13 Ensure RAM password policy expires passwords within 90 days or less ...................................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: Password expiration set to 100 days. ..................................................................................................................................... 5982111499156037
  | | 
  | + 1.14 Ensure RAM password policy temporarily blocks logon after 5 incorrect logon attempts within an hour ...................................................................  0 /   1 [=         ]
  | | | 
  | | OK   : Max login attempts set to 5. ............................................................................................................................................. 5982111499156037
  | | 
  | + 1.16 Ensure RAM policies are attached only to groups or roles .............................................................................................................. 12 /  19 [==        ]
  |   | 
  |   OK   : debu not have any direct policy attached. ................................................................................................................................ 5982111499156037
  |   ALARM: john have direct policy attached. ........................................................................................................................................ 5982111499156037
  |   ALARM: oscar have direct policy attached. ....................................................................................................................................... 5982111499156037
  |   ALARM: rajeshbal have direct policy attached. ................................................................................................................................... 5982111499156037
  |   ALARM: partha have direct policy attached. ...................................................................................................................................... 5982111499156037
  |   ALARM: lalit have direct policy attached. ....................................................................................................................................... 5982111499156037
  |   ALARM: khushboo have direct policy attached. .................................................................................................................................... 5982111499156037
  |   ALARM: sourav have direct policy attached. ...................................................................................................................................... 5982111499156037
  |   ALARM: david have direct policy attached. ....................................................................................................................................... 5982111499156037
  |   OK   : pam not have any direct policy attached. ................................................................................................................................. 5982111499156037
  |   OK   : dwight not have any direct policy attached. .............................................................................................................................. 5982111499156037
  |   OK   : cisuser not have any direct policy attached. ............................................................................................................................. 5982111499156037
  |   ALARM: subhajit have direct policy attached. .................................................................................................................................... 5982111499156037
  |   ALARM: cody have direct policy attached. ........................................................................................................................................ 5982111499156037
  |   OK   : michael not have any direct policy attached. ............................................................................................................................. 5982111499156037
  |   OK   : kevin not have any direct policy attached. ............................................................................................................................... 5982111499156037
  |   ALARM: raj have direct policy attached. ......................................................................................................................................... 5982111499156037
  |   OK   : jim not have any direct policy attached. ................................................................................................................................. 5982111499156037
  |   ALARM: nw-steampipe have direct policy attached. ................................................................................................................................ 5982111499156037
  |   
  + 2 Logging and Monitoring .....................................................................................................................................................  6 /  39 [===       ]
  | | 
  | + 2.1 Ensure that ActionTrail are configured to export copies of all Log entries .............................................................................................  6 /   9 [==        ]
  | | | 
  | | ALARM:  is not configured to export copies of all log entries ........................................................................................................ ap-south-1 5982111499156037
  | | ALARM:  is not configured to export copies of all log entries ......................................................................................................... us-east-1 5982111499156037
  | | OK   :  is configured to export copies of all log entries ............................................................................................................ ap-south-1 5982111499156037
  | | ALARM:  is not configured to export copies of all log entries ........................................................................................................ ap-south-1 5982111499156037
  | | ALARM:  is not configured to export copies of all log entries ......................................................................................................... us-east-1 5982111499156037
  | | OK   :  is configured to export copies of all log entries ............................................................................................................ ap-south-1 5982111499156037
  | | OK   :  is configured to export copies of all log entries ............................................................................................................ ap-south-1 5982111499156037
  | | ALARM:  is not configured to export copies of all log entries ........................................................................................................ ap-south-1 5982111499156037
  | | ALARM:  is not configured to export copies of all log entries ......................................................................................................... us-east-1 5982111499156037
  | | 
  | + 2.2 Ensure the OSS used to store ActionTrail logs is not publicly accessible ...............................................................................................  0 /   9 [=         ]
  | | | 
  | | OK   : oss bucket nw-test-3 used to store ActionTrail logs is not publicly accessible. ............................................................................... ap-south-1 5982111499156037
  | | OK   : oss bucket turbottest60503 used to store ActionTrail logs is not publicly accessible. ......................................................................... ap-south-1 5982111499156037
  | | OK   : oss bucket test-ap-south-1 used to store ActionTrail logs is not publicly accessible. ......................................................................... ap-south-1 5982111499156037
  | | OK   : oss bucket turbottest60503 used to store ActionTrail logs is not publicly accessible. ........................................................................ cn-hangzhou 5982111499156037
  | | OK   : oss bucket nw-test-3 used to store ActionTrail logs is not publicly accessible. .............................................................................. cn-hangzhou 5982111499156037
  | | OK   : oss bucket test-ap-south-1 used to store ActionTrail logs is not publicly accessible. ........................................................................ cn-hangzhou 5982111499156037
  | | OK   : oss bucket turbottest60503 used to store ActionTrail logs is not publicly accessible. .......................................................................... us-east-1 5982111499156037
  | | OK   : oss bucket nw-test-3 used to store ActionTrail logs is not publicly accessible. ................................................................................ us-east-1 5982111499156037
  | | OK   : oss bucket test-ap-south-1 used to store ActionTrail logs is not publicly accessible. .......................................................................... us-east-1 5982111499156037
  | | 
  | + 2.3 Ensure audit logs for multiple cloud resources are integrated with Log Service .........................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.4 Ensure Log Service is enabled for Container Service for Kubernetes .....................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.5 Ensure virtual network flow log service is enabled .....................................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.6 Ensure Anti-DDoS access and security log service is enabled ............................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.7 Ensure Web Application Firewall access and security log service is enabled .............................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.8 Ensure Cloud Firewall access and security log analysis is enabled ......................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.9 Ensure Security Center Network, Host and Security log analysis is enabled ..............................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.10 Ensure log monitoring and alerts are set up for RAM Role changes ......................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.11 Ensure log monitoring and alerts are set up for Cloud Firewall changes ................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.12 Ensure log monitoring and alerts are set up for VPC network route changes .............................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.13 Ensure log monitoring and alerts are set up for VPC changes ...........................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.14 Ensure log monitoring and alerts are set up for OSS permission changes ................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.15 Ensure log monitoring and alerts are set up for RDS instance configuration changes ....................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.16 Ensure a log monitoring and alerts are set up for unauthorized API calls ..............................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.17 Ensure a log monitoring and alerts are set up for Management Console sign-in without MFA ..............................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.18 Ensure a log monitoring and alerts are set up for usage of 'root' account .............................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.19 Ensure a log monitoring and alerts are set up for Management Console authentication failures ..........................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.20 Ensure a log monitoring and alerts are set up for disabling or deletion of customer created CMKs ......................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.21 Ensure a log monitoring and alerts are set up for OSS bucket policy changes ...........................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.22 Ensure a log monitoring and alerts are set up for security group changes ..............................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.23 Ensure that Logstore data retention period is set 365 days or greater .................................................................................................  0 /   1 [=         ]
  |   | 
  |   INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  |   
  + 3 Networking .................................................................................................................................................................  0 /   3 [=         ]
  | | 
  | + 3.1 Ensure legacy networks does not exist ..................................................................................................................................  0 /   0 [          ]
  | | | 
  | + 3.2 Ensure that SSH access is restricted from the internet .................................................................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: column a.region_id does not exist
  | | 
  | + 3.3 Ensure VPC flow logging is enabled in all VPCs .........................................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 3.4 Ensure routing tables for VPC peering are 'least access' ...............................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 3.5 Ensure the security group are configured with fine grained rules .......................................................................................................  0 /   1 [=         ]
  |   | 
  |   INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  |   
  + 4 Virtual Machines ...........................................................................................................................................................  1 /   2 [==        ]
  | | 
  | + 4.1 Ensure that 'Unattached disks' are encrypted ...........................................................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: test1 encryption disabled. ..................................................................................................................................... us-east-1 5982111499156037
  | | 
  | + 4.2 Ensure that 'Virtual Machine’s disk' are encrypted .....................................................................................................................  0 /   0 [          ]
  | | | 
  | + 4.3 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22 ......................................................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: column a.region_id does not exist
  | | 
  | + 4.4 Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389 ....................................................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: column a.region_id does not exist
  | | 
  | + 4.5 Ensure that the latest OS Patches for all Virtual Machines are applied .................................................................................................  0 /   1 [=         ]
  |   | 
  |   INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  |   
  + 5 Storage .................................................................................................................................................................... 45 /  63 [====      ]
  | | 
  | + 5.1 Ensure that OSS bucket is not anonymously or publicly accessible .......................................................................................................  1 /  12 [==        ]
  | | | 
  | | OK   : test-ap-south-1 not publicly accessible. ...................................................................................................................... ap-south-1 5982111499156037
  | | OK   : turbottest2670 not publicly accessible. ........................................................................................................................ us-east-1 5982111499156037
  | | OK   : nw-test-3 not publicly accessible. ............................................................................................................................. us-east-1 5982111499156037
  | | OK   : turbottest60503 not publicly accessible. ....................................................................................................................... us-east-1 5982111499156037
  | | OK   : canonical-test not publicly accessible. ........................................................................................................................ us-east-1 5982111499156037
  | | OK   : turbottest45802 not publicly accessible. ....................................................................................................................... us-east-1 5982111499156037
  | | OK   : turbottest39313 not publicly accessible. ....................................................................................................................... us-east-1 5982111499156037
  | | OK   : turbottest96253 not publicly accessible. ....................................................................................................................... us-east-1 5982111499156037
  | | OK   : kms-bucket not publicly accessible. ........................................................................................................................... cn-beijing 5982111499156037
  | | OK   : cis-test2 not publicly accessible. ............................................................................................................................. us-east-1 5982111499156037
  | | OK   : nw-test-1 not publicly accessible. ............................................................................................................................. us-east-1 5982111499156037
  | | ALARM: cis-test-mar12 publicly accessible. ............................................................................................................................ us-east-1 5982111499156037
  | | 
  | + 5.2 Ensure that there are no publicly accessible objects in storage buckets ................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 5.3 Ensure that logging is enabled for OSS buckets ......................................................................................................................... 10 /  12 [==        ]
  | | | 
  | | ALARM: test-ap-south-1 logging disabled. ............................................................................................................................. ap-south-1 5982111499156037
  | | ALARM: turbottest45802 logging disabled. .............................................................................................................................. us-east-1 5982111499156037
  | | ALARM: turbottest39313 logging disabled. .............................................................................................................................. us-east-1 5982111499156037
  | | ALARM: turbottest60503 logging disabled. .............................................................................................................................. us-east-1 5982111499156037
  | | ALARM: nw-test-3 logging disabled. .................................................................................................................................... us-east-1 5982111499156037
  | | ALARM: turbottest2670 logging disabled. ............................................................................................................................... us-east-1 5982111499156037
  | | ALARM: canonical-test logging disabled. ............................................................................................................................... us-east-1 5982111499156037
  | | OK   : cis-test2 logging enabled. ..................................................................................................................................... us-east-1 5982111499156037
  | | ALARM: nw-test-1 logging disabled. .................................................................................................................................... us-east-1 5982111499156037
  | | ALARM: turbottest96253 logging disabled. .............................................................................................................................. us-east-1 5982111499156037
  | | OK   : cis-test-mar12 logging enabled. ................................................................................................................................ us-east-1 5982111499156037
  | | ALARM: kms-bucket logging disabled. .................................................................................................................................. cn-beijing 5982111499156037
  | | 
  | + 5.4 Ensure that 'Secure transfer required' is set to 'Enabled' ............................................................................................................. 11 /  12 [==        ]
  | | | 
  | | OK   : test-ap-south-1 bucket policy enforces HTTPS. ................................................................................................................. ap-south-1 5982111499156037
  | | ALARM: turbottest2670 bucket policy does not enforce HTTPS. ........................................................................................................... us-east-1 5982111499156037
  | | ALARM: nw-test-3 bucket policy does not enforce HTTPS. ................................................................................................................ us-east-1 5982111499156037
  | | ALARM: turbottest60503 bucket policy does not enforce HTTPS. .......................................................................................................... us-east-1 5982111499156037
  | | ALARM: canonical-test bucket policy does not enforce HTTPS. ........................................................................................................... us-east-1 5982111499156037
  | | ALARM: turbottest45802 bucket policy does not enforce HTTPS. .......................................................................................................... us-east-1 5982111499156037
  | | ALARM: turbottest39313 bucket policy does not enforce HTTPS. .......................................................................................................... us-east-1 5982111499156037
  | | ALARM: turbottest96253 bucket policy does not enforce HTTPS. .......................................................................................................... us-east-1 5982111499156037
  | | ALARM: kms-bucket bucket policy does not enforce HTTPS. .............................................................................................................. cn-beijing 5982111499156037
  | | ALARM: cis-test2 bucket policy does not enforce HTTPS. ................................................................................................................ us-east-1 5982111499156037
  | | ALARM: nw-test-1 bucket policy does not enforce HTTPS. ................................................................................................................ us-east-1 5982111499156037
  | | ALARM: cis-test-mar12 bucket policy does not enforce HTTPS. ........................................................................................................... us-east-1 5982111499156037
  | | 
  | + 5.5 Ensure that the shared URL signature expires within an hour ............................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 5.6 Ensure that URL signature is allowed only over https ...................................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 5.8 Ensure server-side encryption is set to 'Encrypt with Service Key' ..................................................................................................... 11 /  12 [==        ]
  | | | 
  | | ALARM: test-ap-south-1 not encrypted with Service Key. ............................................................................................................... ap-south-1 5982111499156037
  | | ALARM: turbottest2670 not encrypted with Service Key. ................................................................................................................. us-east-1 5982111499156037
  | | ALARM: nw-test-3 not encrypted with Service Key. ...................................................................................................................... us-east-1 5982111499156037
  | | ALARM: turbottest60503 not encrypted with Service Key. ................................................................................................................ us-east-1 5982111499156037
  | | OK   : canonical-test encrypted with Service Key. ..................................................................................................................... us-east-1 5982111499156037
  | | ALARM: turbottest45802 not encrypted with Service Key. ................................................................................................................ us-east-1 5982111499156037
  | | ALARM: turbottest39313 not encrypted with Service Key. ................................................................................................................ us-east-1 5982111499156037
  | | ALARM: turbottest96253 not encrypted with Service Key. ................................................................................................................ us-east-1 5982111499156037
  | | ALARM: kms-bucket not encrypted with Service Key. .................................................................................................................... cn-beijing 5982111499156037
  | | ALARM: cis-test2 not encrypted with Service Key. ...................................................................................................................... us-east-1 5982111499156037
  | | ALARM: nw-test-1 not encrypted with Service Key. ...................................................................................................................... us-east-1 5982111499156037
  | | ALARM: cis-test-mar12 not encrypted with Service Key. ................................................................................................................. us-east-1 5982111499156037
  | | 
  | + 5.9 Ensure server-side encryption is set to 'Encrypt with BYOK' ............................................................................................................ 12 /  12 [=         ]
  |   | 
  |   ALARM: test-ap-south-1 not encrypted with BYOK. ...................................................................................................................... ap-south-1 5982111499156037
  |   ALARM: turbottest2670 not encrypted with BYOK. ........................................................................................................................ us-east-1 5982111499156037
  |   ALARM: nw-test-3 not encrypted with BYOK. ............................................................................................................................. us-east-1 5982111499156037
  |   ALARM: turbottest60503 not encrypted with BYOK. ....................................................................................................................... us-east-1 5982111499156037
  |   ALARM: canonical-test not encrypted with BYOK. ........................................................................................................................ us-east-1 5982111499156037
  |   ALARM: turbottest45802 not encrypted with BYOK. ....................................................................................................................... us-east-1 5982111499156037
  |   ALARM: turbottest39313 not encrypted with BYOK. ....................................................................................................................... us-east-1 5982111499156037
  |   ALARM: turbottest96253 not encrypted with BYOK. ....................................................................................................................... us-east-1 5982111499156037
  |   ALARM: kms-bucket not encrypted with BYOK. ........................................................................................................................... cn-beijing 5982111499156037
  |   ALARM: cis-test2 not encrypted with BYOK. ............................................................................................................................. us-east-1 5982111499156037
  |   ALARM: nw-test-1 not encrypted with BYOK. ............................................................................................................................. us-east-1 5982111499156037
  |   ALARM: cis-test-mar12 not encrypted with BYOK. ........................................................................................................................ us-east-1 5982111499156037
  |   
  + 6 Relational Database Services ...............................................................................................................................................  0 /   0 [          ]
  | | 
  | + 6.1 Ensure that RDS instance requires all incoming connections to use SSL ..................................................................................................  0 /   0 [          ]
  | | | 
  | + 6.2 Ensure that RDS Instances are not open to the world ....................................................................................................................  0 /   0 [          ]
  | | | 
  | + 6.3 Ensure that 'Auditing' is set to 'On' for applicable database instances ................................................................................................  0 /   0 [          ]
  | | | 
  | + 6.4 Ensure that 'Auditing' Retention is 'greater than 6 months' ............................................................................................................  0 /   0 [          ]
  | | | 
  | + 6.5 Ensure that 'TDE' is set to 'Enabled' on for applicable database instance ..............................................................................................  0 /   0 [          ]
  | | | 
  | + 6.7 Ensure parameter 'log_connections' is set to 'ON' for PostgreSQL Database ..............................................................................................  0 /   0 [          ]
  | | | 
  | + 6.8 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server .............................................................................  0 /   0 [          ]
  | | | 
  | + 6.9 Ensure server parameter 'log_duration is set to 'ON' for PostgreSQL Database Server ....................................................................................  0 /   0 [          ]
  |   | 
  + 7 Kubernetes Engine ..........................................................................................................................................................  0 /   5 [=         ]
  | | 
  | + 7.1 Ensure Log Service is set to 'Enabled' on Kubernetes Engine Clusters ...................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 7.4 Ensure Cluster Check triggered at least once per week for Kubernetes Clusters ..........................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 7.5 Ensure Kubernetes web UI / Dashboard is not enabled ....................................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 7.6 Ensure Basic Authentication is not enabled on Kubernetes Engine ........................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 7.7 Ensure Network policy is enabled on Kubernetes Engine Clusters .........................................................................................................  0 /   0 [          ]
  | | | 
  | + 7.8 Ensure ENI multiple IP mode support for Kubernetes Cluster .............................................................................................................  0 /   0 [          ]
  | | | 
  | + 7.9 Ensure Kubernetes Cluster is created with Private cluster enabled ......................................................................................................  0 /   1 [=         ]
  |   | 
  |   INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  |   
  + 8 Security Center ............................................................................................................................................................  1 /   7 [==        ]
    | 
    + 8.1 Ensure that Security Center is Advanced or Enterprise Edition ..........................................................................................................  1 /   1 [=         ]
    | | 
    | ALARM: Security Center Enterprise or Advanced edition disabled. ..................................................................................................... cn-hangzhou 5982111499156037
    | 
    + 8.3 Ensure that Automatic Quarantine is enabled ............................................................................................................................  0 /   1 [=         ]
    | | 
    | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
    | 
    + 8.4 Ensure that Webshell detection is enabled on all web servers ...........................................................................................................  0 /   1 [=         ]
    | | 
    | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
    | 
    + 8.5 Ensure that notification is enabled on all high risk items .............................................................................................................  0 /   1 [=         ]
    | | 
    | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
    | 
    + 8.6 Ensure that Config Assessment is granted with privilege ................................................................................................................  0 /   1 [=         ]
    | | 
    | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
    | 
    + 8.7 Ensure that scheduled vulnerability scan is enabled on all servers .....................................................................................................  0 /   1 [=         ]
    | | 
    | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
    | 
    + 8.8 Ensure that Asset Fingerprint automatically collects asset fingerprint data ............................................................................................  0 /   1 [=         ]
      | 
      INFO : Manual verification required. ............................................................................................................................................ 5982111499156037

Alibaba Cloud Compliance ......................................................................................................................................................... 95 / 184 [==========]
| 
+ CIS v1.0.0 ..................................................................................................................................................................... 95 / 184 [==========]
  | 
  + 1 Identity and Access Management ............................................................................................................................................. 42 /  65 [====      ]
  | | 
  | + 1.1 Avoid the use of the 'root' account ....................................................................................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: SDKError:
   Code: Expired.CredentialReport
   Message: code: 410, The credential report has been expired. request id: D268F24D-659C-575E-BD49-ACC46CFD6449
   Data: {"Code":"Expired.CredentialReport","HostId":"ims.aliyuncs.com","Message":"The credential report has been expired.","Recommend":"https://error-center.aliyun.com/status/search?Key…
  | | 
  | + 1.2 Ensure no root account access key exists ...............................................................................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: SDKError:
   Code: Expired.CredentialReport
   Message: code: 410, The credential report has been expired. request id: C7E2CFD9-63AE-5FCB-A668-4BE6CAEE82B4
   Data: {"Code":"Expired.CredentialReport","HostId":"ims.aliyuncs.com","Message":"The credential report has been expired.","Recommend":"https://error-center.aliyun.com/status/search?Key…
  | | 
  | + 1.3 Ensure MFA is enabled for the 'root' account ...........................................................................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: SDKError:
   Code: Expired.CredentialReport
   Message: code: 410, The credential report has been expired. request id: 91D7A65D-4E2B-5A4E-A3F0-0048DC9A64AB
   Data: {"Code":"Expired.CredentialReport","HostId":"ims.aliyuncs.com","Message":"The credential report has been expired.","Recommend":"https://error-center.aliyun.com/status/search?Key…
  | | 
  | + 1.4 Ensure that multi-factor authentication is enabled for all RAM users that have a console password ......................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: SDKError:
   Code: Expired.CredentialReport
   Message: code: 410, The credential report has been expired. request id: C7EF8BCA-0BA0-55D5-9BF8-D29E43BC58F4
   Data: {"Code":"Expired.CredentialReport","HostId":"ims.aliyuncs.com","Message":"The credential report has been expired.","Recommend":"https://error-center.aliyun.com/status/search?Key…
  | | 
  | + 1.5 Ensure users not logged on for 90 days or longer are disabled for console logon ........................................................................................ 11 /  19 [==        ]
  | | | 
  | | OK   : khushboo logged in 28 days ago. .......................................................................................................................................... 5982111499156037
  | | ALARM: pam never logged in. ..................................................................................................................................................... 5982111499156037
  | | ALARM: cody logged in 126 days ago. ............................................................................................................................................. 5982111499156037
  | | OK   : raj logged in 14 days ago. ............................................................................................................................................... 5982111499156037
  | | OK   : debu logged in 15 days ago. .............................................................................................................................................. 5982111499156037
  | | OK   : partha logged in 1 days ago. ............................................................................................................................................. 5982111499156037
  | | ALARM: michael never logged in. ................................................................................................................................................. 5982111499156037
  | | ALARM: cisuser never logged in. ................................................................................................................................................. 5982111499156037
  | | ALARM: kevin never logged in. ................................................................................................................................................... 5982111499156037
  | | OK   : sourav logged in 1 days ago. ............................................................................................................................................. 5982111499156037
  | | ALARM: dwight never logged in. .................................................................................................................................................. 5982111499156037
  | | ALARM: oscar never logged in. ................................................................................................................................................... 5982111499156037
  | | OK   : rajeshbal logged in 16 days ago. ......................................................................................................................................... 5982111499156037
  | | OK   : subhajit logged in 7 days ago. ........................................................................................................................................... 5982111499156037
  | | ALARM: john logged in 126 days ago. ............................................................................................................................................. 5982111499156037
  | | OK   : lalit logged in 24 days ago. ............................................................................................................................................. 5982111499156037
  | | ALARM: nw-steampipe never logged in. ............................................................................................................................................ 5982111499156037
  | | ALARM: jim never logged in. ..................................................................................................................................................... 5982111499156037
  | | ALARM: david logged in 126 days ago. ............................................................................................................................................ 5982111499156037
  | | 
  | + 1.6 Ensure access keys are rotated every 90 days or less ................................................................................................................... 14 /  19 [==        ]
  | | | 
  | | OK   : partha LTAI5tJ24Hu51Y2UCLsyDt1u created 01-Jun-2021 (66 days). ........................................................................................................... 5982111499156037
  | | OK   : khushboo LTAI5tE6NLzZDqPoNMS1c4i7 created 09-Jun-2021 (58 days). ......................................................................................................... 5982111499156037
  | | ALARM: lalit LTAI4GC5FPDVXYns4VHjzoTp created 23-Feb-2021 (164 days). ........................................................................................................... 5982111499156037
  | | ALARM: nw-steampipe LTAI4GBwJQnMs697GDp2GASK created 24-Jan-2021 (193 days). .................................................................................................... 5982111499156037
  | | ALARM: subhajit LTAI4G1q1KCF934zSvH4WNCD created 19-Feb-2021 (167 days). ........................................................................................................ 5982111499156037
  | | OK   : cody LTAI5tCZ2c7USv4BxHUkqYLm created 19-Jul-2021 (17 days). ............................................................................................................. 5982111499156037
  | | ALARM: raj LTAI4G3iPoXzR2kNmP89SV2X created 11-Mar-2021 (148 days). ............................................................................................................. 5982111499156037
  | | ALARM: rajeshbal LTAI4G5FDM8JYkJkUfUvJ8pB created 18-Feb-2021 (169 days). ....................................................................................................... 5982111499156037
  | | OK   : debu LTAI5tQmMTfSx9pg89kNcXzn created 05-Jul-2021 (31 days). ............................................................................................................. 5982111499156037
  | | ALARM: oscar LTAI4GD8KPPL6N3LZ5fZ1Pyx created 27-Jan-2021 (191 days). ........................................................................................................... 5982111499156037
  | | ALARM: kevin LTAI4GDtxHE67g2UujBMTUqp created 27-Jan-2021 (191 days). ........................................................................................................... 5982111499156037
  | | ALARM: dwight LTAI4FyxySVqXLsXNTJ8svo9 created 27-Jan-2021 (191 days). .......................................................................................................... 5982111499156037
  | | ALARM: pam LTAI4GHBBV1s8w5Kk3Jex3H8 created 27-Jan-2021 (191 days). ............................................................................................................. 5982111499156037
  | | ALARM: john LTAI4GBVEshZAjTFNf4ezv66 created 23-Feb-2021 (163 days). ............................................................................................................ 5982111499156037
  | | ALARM: john LTAI4G6DoDr1V1QxPeTnTqto created 25-Feb-2021 (162 days). ............................................................................................................ 5982111499156037
  | | OK   : sourav LTAI5tQyR5XwQXdaXx8KcUSV created 07-Jul-2021 (30 days). ........................................................................................................... 5982111499156037
  | | ALARM: jim LTAI4GALdnJDMGQdpxPwXkn3 created 27-Jan-2021 (191 days). ............................................................................................................. 5982111499156037
  | | ALARM: david LTAI5tL5AHdDuaVKQrR4jfhZ created 01-Apr-2021 (126 days). ........................................................................................................... 5982111499156037
  | | ALARM: michael LTAI4GG37PzvtqL8rgogq1An created 27-Jan-2021 (191 days). ......................................................................................................... 5982111499156037
  | | 
  | + 1.7 Ensure RAM password policy requires at least one uppercase letter ......................................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: Uppercase character not required. ........................................................................................................................................ 5982111499156037
  | | 
  | + 1.8 Ensure RAM password policy requires at least one lowercase letter ......................................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: Lowercase character not required. ........................................................................................................................................ 5982111499156037
  | | 
  | + 1.9 Ensure RAM password policy require at least one symbol .................................................................................................................  0 /   1 [=         ]
  | | | 
  | | OK   : Symbol required. ......................................................................................................................................................... 5982111499156037
  | | 
  | + 1.10 Ensure RAM password policy require at least one number ................................................................................................................  0 /   1 [=         ]
  | | | 
  | | OK   : Number required. ......................................................................................................................................................... 5982111499156037
  | | 
  | + 1.11 Ensure RAM password policy requires minimum length of 14 or greater ...................................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: Minimum password length set to 8. ........................................................................................................................................ 5982111499156037
  | | 
  | + 1.12 Ensure RAM password policy prevents password reuse ....................................................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: Password reuse prevention set to 6. ...................................................................................................................................... 5982111499156037
  | | 
  | + 1.13 Ensure RAM password policy expires passwords within 90 days or less ...................................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: Password expiration set to 100 days. ..................................................................................................................................... 5982111499156037
  | | 
  | + 1.14 Ensure RAM password policy temporarily blocks logon after 5 incorrect logon attempts within an hour ...................................................................  0 /   1 [=         ]
  | | | 
  | | OK   : Max login attempts set to 5. ............................................................................................................................................. 5982111499156037
  | | 
  | + 1.16 Ensure RAM policies are attached only to groups or roles .............................................................................................................. 12 /  19 [==        ]
  |   | 
  |   ALARM: khushboo have direct policy attached. .................................................................................................................................... 5982111499156037
  |   OK   : pam not have any direct policy attached. ................................................................................................................................. 5982111499156037
  |   ALARM: cody have direct policy attached. ........................................................................................................................................ 5982111499156037
  |   ALARM: raj have direct policy attached. ......................................................................................................................................... 5982111499156037
  |   OK   : debu not have any direct policy attached. ................................................................................................................................ 5982111499156037
  |   ALARM: partha have direct policy attached. ...................................................................................................................................... 5982111499156037
  |   OK   : michael not have any direct policy attached. ............................................................................................................................. 5982111499156037
  |   OK   : cisuser not have any direct policy attached. ............................................................................................................................. 5982111499156037
  |   OK   : kevin not have any direct policy attached. ............................................................................................................................... 5982111499156037
  |   ALARM: sourav have direct policy attached. ...................................................................................................................................... 5982111499156037
  |   OK   : dwight not have any direct policy attached. .............................................................................................................................. 5982111499156037
  |   ALARM: oscar have direct policy attached. ....................................................................................................................................... 5982111499156037
  |   ALARM: rajeshbal have direct policy attached. ................................................................................................................................... 5982111499156037
  |   ALARM: subhajit have direct policy attached. .................................................................................................................................... 5982111499156037
  |   ALARM: john have direct policy attached. ........................................................................................................................................ 5982111499156037
  |   ALARM: lalit have direct policy attached. ....................................................................................................................................... 5982111499156037
  |   ALARM: nw-steampipe have direct policy attached. ................................................................................................................................ 5982111499156037
  |   OK   : jim not have any direct policy attached. ................................................................................................................................. 5982111499156037
  |   ALARM: david have direct policy attached. ....................................................................................................................................... 5982111499156037
  |   
  + 2 Logging and Monitoring .....................................................................................................................................................  6 /  39 [===       ]
  | | 
  | + 2.1 Ensure that ActionTrail are configured to export copies of all Log entries .............................................................................................  6 /   9 [==        ]
  | | | 
  | | ALARM:  is not configured to export copies of all log entries ......................................................................................................... us-east-1 5982111499156037
  | | OK   :  is configured to export copies of all log entries ............................................................................................................ ap-south-1 5982111499156037
  | | ALARM:  is not configured to export copies of all log entries ........................................................................................................ ap-south-1 5982111499156037
  | | OK   :  is configured to export copies of all log entries ............................................................................................................ ap-south-1 5982111499156037
  | | ALARM:  is not configured to export copies of all log entries ......................................................................................................... us-east-1 5982111499156037
  | | ALARM:  is not configured to export copies of all log entries ........................................................................................................ ap-south-1 5982111499156037
  | | ALARM:  is not configured to export copies of all log entries ........................................................................................................ ap-south-1 5982111499156037
  | | OK   :  is configured to export copies of all log entries ............................................................................................................ ap-south-1 5982111499156037
  | | ALARM:  is not configured to export copies of all log entries ......................................................................................................... us-east-1 5982111499156037
  | | 
  | + 2.2 Ensure the OSS used to store ActionTrail logs is not publicly accessible ...............................................................................................  0 /   9 [=         ]
  | | | 
  | | OK   : oss bucket turbottest60503 used to store ActionTrail logs is not publicly accessible. ......................................................................... ap-south-1 5982111499156037
  | | OK   : oss bucket test-ap-south-1 used to store ActionTrail logs is not publicly accessible. ......................................................................... ap-south-1 5982111499156037
  | | OK   : oss bucket nw-test-3 used to store ActionTrail logs is not publicly accessible. ............................................................................... ap-south-1 5982111499156037
  | | OK   : oss bucket nw-test-3 used to store ActionTrail logs is not publicly accessible. .............................................................................. cn-hangzhou 5982111499156037
  | | OK   : oss bucket test-ap-south-1 used to store ActionTrail logs is not publicly accessible. ........................................................................ cn-hangzhou 5982111499156037
  | | OK   : oss bucket turbottest60503 used to store ActionTrail logs is not publicly accessible. ........................................................................ cn-hangzhou 5982111499156037
  | | OK   : oss bucket nw-test-3 used to store ActionTrail logs is not publicly accessible. ................................................................................ us-east-1 5982111499156037
  | | OK   : oss bucket turbottest60503 used to store ActionTrail logs is not publicly accessible. .......................................................................... us-east-1 5982111499156037
  | | OK   : oss bucket test-ap-south-1 used to store ActionTrail logs is not publicly accessible. .......................................................................... us-east-1 5982111499156037
  | | 
  | + 2.3 Ensure audit logs for multiple cloud resources are integrated with Log Service .........................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.4 Ensure Log Service is enabled for Container Service for Kubernetes .....................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.5 Ensure virtual network flow log service is enabled .....................................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.6 Ensure Anti-DDoS access and security log service is enabled ............................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.7 Ensure Web Application Firewall access and security log service is enabled .............................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.8 Ensure Cloud Firewall access and security log analysis is enabled ......................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.9 Ensure Security Center Network, Host and Security log analysis is enabled ..............................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.10 Ensure log monitoring and alerts are set up for RAM Role changes ......................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.11 Ensure log monitoring and alerts are set up for Cloud Firewall changes ................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.12 Ensure log monitoring and alerts are set up for VPC network route changes .............................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.13 Ensure log monitoring and alerts are set up for VPC changes ...........................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.14 Ensure log monitoring and alerts are set up for OSS permission changes ................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.15 Ensure log monitoring and alerts are set up for RDS instance configuration changes ....................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.16 Ensure a log monitoring and alerts are set up for unauthorized API calls ..............................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.17 Ensure a log monitoring and alerts are set up for Management Console sign-in without MFA ..............................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.18 Ensure a log monitoring and alerts are set up for usage of 'root' account .............................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.19 Ensure a log monitoring and alerts are set up for Management Console authentication failures ..........................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.20 Ensure a log monitoring and alerts are set up for disabling or deletion of customer created CMKs ......................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.21 Ensure a log monitoring and alerts are set up for OSS bucket policy changes ...........................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.22 Ensure a log monitoring and alerts are set up for security group changes ..............................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 2.23 Ensure that Logstore data retention period is set 365 days or greater .................................................................................................  0 /   1 [=         ]
  |   | 
  |   INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  |   
  + 3 Networking .................................................................................................................................................................  0 /   3 [=         ]
  | | 
  | + 3.1 Ensure legacy networks does not exist ..................................................................................................................................  0 /   0 [          ]
  | | | 
  | + 3.2 Ensure that SSH access is restricted from the internet .................................................................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: column a.region_id does not exist
  | | 
  | + 3.3 Ensure VPC flow logging is enabled in all VPCs .........................................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 3.4 Ensure routing tables for VPC peering are 'least access' ...............................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 3.5 Ensure the security group are configured with fine grained rules .......................................................................................................  0 /   1 [=         ]
  |   | 
  |   INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  |   
  + 4 Virtual Machines ...........................................................................................................................................................  1 /   2 [==        ]
  | | 
  | + 4.1 Ensure that 'Unattached disks' are encrypted ...........................................................................................................................  1 /   1 [=         ]
  | | | 
  | | ALARM: test1 encryption disabled. ..................................................................................................................................... us-east-1 5982111499156037
  | | 
  | + 4.2 Ensure that 'Virtual Machine’s disk' are encrypted .....................................................................................................................  0 /   0 [          ]
  | | | 
  | + 4.3 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22 ......................................................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: column a.region_id does not exist
  | | 
  | + 4.4 Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389 ....................................................................................................  1 /   1 [=         ]
  | | | 
  | | ERROR: column a.region_id does not exist
  | | 
  | + 4.5 Ensure that the latest OS Patches for all Virtual Machines are applied .................................................................................................  0 /   1 [=         ]
  |   | 
  |   INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  |   
  + 5 Storage .................................................................................................................................................................... 45 /  63 [====      ]
  | | 
  | + 5.1 Ensure that OSS bucket is not anonymously or publicly accessible .......................................................................................................  1 /  12 [==        ]
  | | | 
  | | OK   : test-ap-south-1 not publicly accessible. ...................................................................................................................... ap-south-1 5982111499156037
  | | OK   : kms-bucket not publicly accessible. ........................................................................................................................... cn-beijing 5982111499156037
  | | OK   : turbottest39313 not publicly accessible. ....................................................................................................................... us-east-1 5982111499156037
  | | OK   : nw-test-3 not publicly accessible. ............................................................................................................................. us-east-1 5982111499156037
  | | OK   : turbottest60503 not publicly accessible. ....................................................................................................................... us-east-1 5982111499156037
  | | OK   : turbottest45802 not publicly accessible. ....................................................................................................................... us-east-1 5982111499156037
  | | OK   : cis-test2 not publicly accessible. ............................................................................................................................. us-east-1 5982111499156037
  | | OK   : turbottest2670 not publicly accessible. ........................................................................................................................ us-east-1 5982111499156037
  | | OK   : turbottest96253 not publicly accessible. ....................................................................................................................... us-east-1 5982111499156037
  | | OK   : canonical-test not publicly accessible. ........................................................................................................................ us-east-1 5982111499156037
  | | OK   : nw-test-1 not publicly accessible. ............................................................................................................................. us-east-1 5982111499156037
  | | ALARM: cis-test-mar12 publicly accessible. ............................................................................................................................ us-east-1 5982111499156037
  | | 
  | + 5.2 Ensure that there are no publicly accessible objects in storage buckets ................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 5.3 Ensure that logging is enabled for OSS buckets ......................................................................................................................... 10 /  12 [==        ]
  | | | 
  | | ALARM: test-ap-south-1 logging disabled. ............................................................................................................................. ap-south-1 5982111499156037
  | | ALARM: turbottest60503 logging disabled. .............................................................................................................................. us-east-1 5982111499156037
  | | ALARM: nw-test-1 logging disabled. .................................................................................................................................... us-east-1 5982111499156037
  | | ALARM: turbottest39313 logging disabled. .............................................................................................................................. us-east-1 5982111499156037
  | | OK   : cis-test-mar12 logging enabled. ................................................................................................................................ us-east-1 5982111499156037
  | | ALARM: turbottest45802 logging disabled. .............................................................................................................................. us-east-1 5982111499156037
  | | ALARM: turbottest2670 logging disabled. ............................................................................................................................... us-east-1 5982111499156037
  | | OK   : cis-test2 logging enabled. ..................................................................................................................................... us-east-1 5982111499156037
  | | ALARM: nw-test-3 logging disabled. .................................................................................................................................... us-east-1 5982111499156037
  | | ALARM: canonical-test logging disabled. ............................................................................................................................... us-east-1 5982111499156037
  | | ALARM: turbottest96253 logging disabled. .............................................................................................................................. us-east-1 5982111499156037
  | | ALARM: kms-bucket logging disabled. .................................................................................................................................. cn-beijing 5982111499156037
  | | 
  | + 5.4 Ensure that 'Secure transfer required' is set to 'Enabled' ............................................................................................................. 11 /  12 [==        ]
  | | | 
  | | OK   : test-ap-south-1 bucket policy enforces HTTPS. ................................................................................................................. ap-south-1 5982111499156037
  | | ALARM: kms-bucket bucket policy does not enforce HTTPS. .............................................................................................................. cn-beijing 5982111499156037
  | | ALARM: turbottest39313 bucket policy does not enforce HTTPS. .......................................................................................................... us-east-1 5982111499156037
  | | ALARM: nw-test-3 bucket policy does not enforce HTTPS. ................................................................................................................ us-east-1 5982111499156037
  | | ALARM: turbottest60503 bucket policy does not enforce HTTPS. .......................................................................................................... us-east-1 5982111499156037
  | | ALARM: turbottest45802 bucket policy does not enforce HTTPS. .......................................................................................................... us-east-1 5982111499156037
  | | ALARM: cis-test2 bucket policy does not enforce HTTPS. ................................................................................................................ us-east-1 5982111499156037
  | | ALARM: turbottest2670 bucket policy does not enforce HTTPS. ........................................................................................................... us-east-1 5982111499156037
  | | ALARM: turbottest96253 bucket policy does not enforce HTTPS. .......................................................................................................... us-east-1 5982111499156037
  | | ALARM: canonical-test bucket policy does not enforce HTTPS. ........................................................................................................... us-east-1 5982111499156037
  | | ALARM: nw-test-1 bucket policy does not enforce HTTPS. ................................................................................................................ us-east-1 5982111499156037
  | | ALARM: cis-test-mar12 bucket policy does not enforce HTTPS. ........................................................................................................... us-east-1 5982111499156037
  | | 
  | + 5.5 Ensure that the shared URL signature expires within an hour ............................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 5.6 Ensure that URL signature is allowed only over https ...................................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 5.8 Ensure server-side encryption is set to 'Encrypt with Service Key' ..................................................................................................... 11 /  12 [==        ]
  | | | 
  | | ALARM: test-ap-south-1 not encrypted with Service Key. ............................................................................................................... ap-south-1 5982111499156037
  | | ALARM: kms-bucket not encrypted with Service Key. .................................................................................................................... cn-beijing 5982111499156037
  | | ALARM: turbottest39313 not encrypted with Service Key. ................................................................................................................ us-east-1 5982111499156037
  | | ALARM: nw-test-3 not encrypted with Service Key. ...................................................................................................................... us-east-1 5982111499156037
  | | ALARM: turbottest60503 not encrypted with Service Key. ................................................................................................................ us-east-1 5982111499156037
  | | ALARM: turbottest45802 not encrypted with Service Key. ................................................................................................................ us-east-1 5982111499156037
  | | ALARM: cis-test2 not encrypted with Service Key. ...................................................................................................................... us-east-1 5982111499156037
  | | ALARM: turbottest2670 not encrypted with Service Key. ................................................................................................................. us-east-1 5982111499156037
  | | ALARM: turbottest96253 not encrypted with Service Key. ................................................................................................................ us-east-1 5982111499156037
  | | OK   : canonical-test encrypted with Service Key. ..................................................................................................................... us-east-1 5982111499156037
  | | ALARM: nw-test-1 not encrypted with Service Key. ...................................................................................................................... us-east-1 5982111499156037
  | | ALARM: cis-test-mar12 not encrypted with Service Key. ................................................................................................................. us-east-1 5982111499156037
  | | 
  | + 5.9 Ensure server-side encryption is set to 'Encrypt with BYOK' ............................................................................................................ 12 /  12 [=         ]
  |   | 
  |   ALARM: test-ap-south-1 not encrypted with BYOK. ...................................................................................................................... ap-south-1 5982111499156037
  |   ALARM: kms-bucket not encrypted with BYOK. ........................................................................................................................... cn-beijing 5982111499156037
  |   ALARM: turbottest39313 not encrypted with BYOK. ....................................................................................................................... us-east-1 5982111499156037
  |   ALARM: nw-test-3 not encrypted with BYOK. ............................................................................................................................. us-east-1 5982111499156037
  |   ALARM: turbottest60503 not encrypted with BYOK. ....................................................................................................................... us-east-1 5982111499156037
  |   ALARM: turbottest45802 not encrypted with BYOK. ....................................................................................................................... us-east-1 5982111499156037
  |   ALARM: cis-test2 not encrypted with BYOK. ............................................................................................................................. us-east-1 5982111499156037
  |   ALARM: turbottest2670 not encrypted with BYOK. ........................................................................................................................ us-east-1 5982111499156037
  |   ALARM: turbottest96253 not encrypted with BYOK. ....................................................................................................................... us-east-1 5982111499156037
  |   ALARM: canonical-test not encrypted with BYOK. ........................................................................................................................ us-east-1 5982111499156037
  |   ALARM: nw-test-1 not encrypted with BYOK. ............................................................................................................................. us-east-1 5982111499156037
  |   ALARM: cis-test-mar12 not encrypted with BYOK. ........................................................................................................................ us-east-1 5982111499156037
  |   
  + 6 Relational Database Services ...............................................................................................................................................  0 /   0 [          ]
  | | 
  | + 6.1 Ensure that RDS instance requires all incoming connections to use SSL ..................................................................................................  0 /   0 [          ]
  | | | 
  | + 6.2 Ensure that RDS Instances are not open to the world ....................................................................................................................  0 /   0 [          ]
  | | | 
  | + 6.3 Ensure that 'Auditing' is set to 'On' for applicable database instances ................................................................................................  0 /   0 [          ]
  | | | 
  | + 6.4 Ensure that 'Auditing' Retention is 'greater than 6 months' ............................................................................................................  0 /   0 [          ]
  | | | 
  | + 6.5 Ensure that 'TDE' is set to 'Enabled' on for applicable database instance ..............................................................................................  0 /   0 [          ]
  | | | 
  | + 6.7 Ensure parameter 'log_connections' is set to 'ON' for PostgreSQL Database ..............................................................................................  0 /   0 [          ]
  | | | 
  | + 6.8 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server .............................................................................  0 /   0 [          ]
  | | | 
  | + 6.9 Ensure server parameter 'log_duration is set to 'ON' for PostgreSQL Database Server ....................................................................................  0 /   0 [          ]
  |   | 
  + 7 Kubernetes Engine ..........................................................................................................................................................  0 /   5 [=         ]
  | | 
  | + 7.1 Ensure Log Service is set to 'Enabled' on Kubernetes Engine Clusters ...................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 7.4 Ensure Cluster Check triggered at least once per week for Kubernetes Clusters ..........................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 7.5 Ensure Kubernetes web UI / Dashboard is not enabled ....................................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 7.6 Ensure Basic Authentication is not enabled on Kubernetes Engine ........................................................................................................  0 /   1 [=         ]
  | | | 
  | | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  | | 
  | + 7.7 Ensure Network policy is enabled on Kubernetes Engine Clusters .........................................................................................................  0 /   0 [          ]
  | | | 
  | + 7.8 Ensure ENI multiple IP mode support for Kubernetes Cluster .............................................................................................................  0 /   0 [          ]
  | | | 
  | + 7.9 Ensure Kubernetes Cluster is created with Private cluster enabled ......................................................................................................  0 /   1 [=         ]
  |   | 
  |   INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
  |   
  + 8 Security Center ............................................................................................................................................................  1 /   7 [==        ]
    | 
    + 8.1 Ensure that Security Center is Advanced or Enterprise Edition ..........................................................................................................  1 /   1 [=         ]
    | | 
    | ALARM: Security Center Enterprise or Advanced edition disabled. ..................................................................................................... cn-hangzhou 5982111499156037
    | 
    + 8.3 Ensure that Automatic Quarantine is enabled ............................................................................................................................  0 /   1 [=         ]
    | | 
    | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
    | 
    + 8.4 Ensure that Webshell detection is enabled on all web servers ...........................................................................................................  0 /   1 [=         ]
    | | 
    | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
    | 
    + 8.5 Ensure that notification is enabled on all high risk items .............................................................................................................  0 /   1 [=         ]
    | | 
    | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
    | 
    + 8.6 Ensure that Config Assessment is granted with privilege ................................................................................................................  0 /   1 [=         ]
    | | 
    | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
    | 
    + 8.7 Ensure that scheduled vulnerability scan is enabled on all servers .....................................................................................................  0 /   1 [=         ]
    | | 
    | INFO : Manual verification required. ............................................................................................................................................ 5982111499156037
    | 
    + 8.8 Ensure that Asset Fingerprint automatically collects asset fingerprint data ............................................................................................  0 /   1 [=         ]
      | 
      INFO : Manual verification required. ............................................................................................................................................ 5982111499156037

[rajlearner17]

Marking this closed will be revisited based on the reproduction of the issue.