In [1]:
from pinecone.grpc import PineconeGRPC as Pinecone
from pinecone import ServerlessSpec
from pinecone import Pinecone

from sentence_transformers import SentenceTransformer
import os
from dotenv import load_dotenv

  from .autonotebook import tqdm as notebook_tqdm


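In [25]:
# Define Pinecone API Key (read from the environment / a local .env file,
# never hard-coded in the notebook)
load_dotenv()
PINECONE_API_KEY = os.getenv("PINECONE_API_KEY")

# Fail fast with a clear message if the variable is missing; otherwise the client
# is constructed with api_key=None and the failure only surfaces later, on the
# first request, with a much less obvious error.
if not PINECONE_API_KEY:
    raise RuntimeError("PINECONE_API_KEY is not set; add it to the environment or a .env file")

# Initialize Pinecone Client
pc = Pinecone(api_key=PINECONE_API_KEY)

# Handle to the index that holds the CIS AWS Benchmark sections
index_name = "cis-aws-benchmark"
index = pc.Index(index_name)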

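In [30]:
# Load embedding model for queries (must be the same model the vectors were
# upserted with, otherwise the similarity scores are meaningless)
embedding_model = SentenceTransformer("all-MiniLM-L6-v2")

# Define example query
query_text = "CIS AWS Benchmark best practices for CloudTrail security"

# Convert query to an embedding; encode() takes a list, so index [0] below
query_embedding = embedding_model.encode([query_text])

# Perform similarity search in Pinecone
results = index.query(
    namespace="capstone-g3",
    vector=query_embedding[0].tolist(),
    top_k=5,
    include_values=False,
    include_metadata=True
)

# Display results
print("\n🔹 Top Matching Sections from Pinecone:")
for match in results["matches"]:
    # A vector upserted without metadata (or without the 'source'/'text' keys)
    # would otherwise abort the whole listing with a KeyError on the first such
    # match; show a placeholder for that match and keep going instead.
    metadata = match.get("metadata") or {}
    print(f"\n📄 Section: {metadata.get('source', '<no source>')}")
    print(f"🔹 Similarity Score: {match['score']}")
    print(metadata.get('text', '<no text>'))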


🔹 Top Matching Sections from Pinecone:

📄 Section: 2.1.1_Ensure_S3_Bucket_Policy_is_set_to_deny_HTTP_requests.md
🔹 Similarity Score: 0.452721477
(Automated)

Profile Applicability:

•  Level 2

Description:

At the Amazon S3 bucket level, you can configure permissions through a bucket policy,
making the objects accessible only through HTTPS.

Rationale:

By default, Amazon S3 allows both HTTP and HTTPS requests. To ensure that access
to Amazon S3 objects is only permitted through HTTPS, you must explicitly deny HTTP
requests. Bucket policies that allow HTTPS requests without explicitly denying HTTP
requests will not comply with this recommendation.

Audit:

To allow access to HTTPS, you can use a bucket policy with the effect allow and a
condition that checks for the key "aws:SecureTransport": "true". This means that
HTTPS requests are allowed, but it does not deny HTTP requests. To explicitly deny
HTTP access, ensure that there is also a bucket policy with the effect deny that contai