updating Queries

compliance/controls/rename_integration_type_name.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Description:
+# This script traverses all subdirectories to find YAML files containing the 'Integration_Type_Name' key
+# and renames the key to 'IntegrationTypeName' while preserving its values.
+
+# Define the root directory (current directory)
+ROOT_DIR="."
+
+# Create or clear the log files
+> renamed_files.log
+> error_files.log
+> error_messages.log
+
+# Find all .yaml and .yml files
+find "$ROOT_DIR" -type f \( -iname "*.yaml" -o -iname "*.yml" \) -print0 | while IFS= read -r -d '' file; do
+  # Check if the file contains the 'Integration_Type_Name:' key
+  if grep -q '^Integration_Type_Name:' "$file"; then
+    echo "Processing: $file"
+
+    # Apply the yq transformation to rename the key
+    if yq eval -i '
+      .IntegrationTypeName = .Integration_Type_Name |
+      del(.Integration_Type_Name)
+    ' "$file"; then
+      echo "$file renamed successfully." >> renamed_files.log
+    else
+      echo "Error renaming $file" >> error_files.log
+      # Capture detailed error messages
+      yq eval -i '
+        .IntegrationTypeName = .Integration_Type_Name |
+        del(.Integration_Type_Name)
+      ' "$file" 2>> error_messages.log
+    fi
+  fi
+done
+
+echo "Bulk renaming completed. Check 'renamed_files.log' for details."
+echo "Any errors are logged in 'error_files.log' and 'error_messages.log'."

queries/1-aws_insight_lambda_function_not_cmk_encrypted.yaml

@@ -1,16 +1,25 @@
 Description: List of lambda functions which are not encrypted with CMK
 ID: aws_insight_lambda_function_not_cmk_encrypted
 IntegrationType:
-- aws_cloud_account
+  - aws_cloud_account
 Query:
   Engine: CloudQL-v0.0.1
   ListOfTables:
-  - aws_lambda_function
+    - aws_lambda_function
   Parameters: []
   PrimaryTable: aws_lambda_function
-  QueryToExecute: "select\n  name,\n  kms_key_arn, account_id, og_account_id, og_resource_id\n\
-    from\n  aws_lambda_function\nwhere\n  kms_key_arn is null;"
+  QueryToExecute: |
+    SELECT
+      name,
+      kms_key_arn,
+      account_id,
+      og_account_id,
+      og_resource_id
+    FROM
+      aws_lambda_function
+    WHERE
+      kms_key_arn IS NULL;
 Tags:
   category:
-  - Security
-Title: Unencrypted Lambda
+    - Security
+Title: Unencrypted Lambda

queries/10-aws_insight_acm_certificate_transparency_logging_disabled.yaml

@@ -1,19 +1,20 @@
 Description: List certificates for which transparency logging is disabled
 ID: aws_insight_acm_certificate_transparency_logging_disabled
 IntegrationType:
-- aws_cloud_account
+  - aws_cloud_account
 Query:
   Engine: CloudQL-v0.0.1
   ListOfTables:
-  - aws_acm_certificate
+    - aws_acm_certificate
   Parameters: []
   PrimaryTable: aws_acm_certificate
-  QueryToExecute: "select certificate_arn, domain_name, status, account_id, og_account_id,\
-    \ og_resource_id from\n  aws_acm_certificate\nwhere\n  certificate_transparency_logging_preference\
-    \ <> 'ENABLED';"
+  QueryToExecute: |
+    SELECT certificate_arn, domain_name, status, account_id, og_account_id, og_resource_id 
+    FROM aws_acm_certificate
+    WHERE certificate_transparency_logging_preference <> 'ENABLED';
 Tags:
   category:
-  - Security
-  - Technical Debt
-  - Resiliency
-Title: Certificates with no Logging
+    - Security
+    - Technical Debt
+    - Resiliency
+Title: Certificates with no Logging

queries/11-aws_insight_acm_certificate_expired.yaml

@@ -1,19 +1,26 @@
 Description: List of expired certificates
 ID: aws_insight_acm_certificate_expired
 IntegrationType:
-- aws_cloud_account
+  - aws_cloud_account
 Query:
   Engine: CloudQL-v0.0.1
   ListOfTables:
-  - aws_acm_certificate
+    - aws_acm_certificate
   Parameters: []
   PrimaryTable: aws_acm_certificate
-  QueryToExecute: "select certificate_arn, domain_name, status, account_id, og_account_id,\
-    \ og_resource_id from\n  aws_acm_certificate\nwhere\n  status = 'EXPIRED';"
+  QueryToExecute: |
+    SELECT certificate_arn, 
+           domain_name, 
+           status, 
+           account_id, 
+           og_account_id, 
+           og_resource_id 
+    FROM aws_acm_certificate
+    WHERE status = 'EXPIRED';
 Tags:
   category:
-  - Security
-  - Technical Debt
-  - Resiliency
-  - Cost Management
-Title: Expired Certificates
+    - Security
+    - Technical Debt
+    - Resiliency
+    - Cost Management
+Title: Expired Certificates

queries/12-aws_insight_ebs_snapshot_older_than_year.yaml

@@ -1,18 +1,20 @@
 Description: List Snapshots older than 365 days
 ID: aws_insight_ebs_snapshot_older_than_year
 IntegrationType:
-- aws_cloud_account
+  - aws_cloud_account
 Query:
   Engine: CloudQL-v0.0.1
   ListOfTables:
-  - aws_ebs_snapshot
+    - aws_ebs_snapshot
   Parameters: []
   PrimaryTable: aws_ebs_snapshot
-  QueryToExecute: SELECT snapshot_id, arn, start_time, account_id, og_account_id,
-    og_resource_id FROM aws_ebs_snapshot WHERE start_time < now() - interval '1 year';
+  QueryToExecute: |
+    SELECT snapshot_id, arn, start_time, account_id, og_account_id, og_resource_id
+    FROM aws_ebs_snapshot
+    WHERE start_time < NOW() - INTERVAL '1 year';
 Tags:
   category:
-  - Security
-  - Technical Debt
-  - Cost Management
-Title: Snapshots older than a year
+    - Security
+    - Technical Debt
+    - Cost Management
+Title: Snapshots older than a year

queries/13-aws_insight_ec2_classic_load_balancer.yaml

@@ -1,22 +1,29 @@
 Description: List all Classic Load Balancer. Link here.
 ID: aws_insight_ec2_classic_load_balancer
 IntegrationType:
-- aws_cloud_account
+  - aws_cloud_account
 Query:
   Engine: CloudQL-v0.0.1
   ListOfTables:
-  - aws_ec2_classic_load_balancer
+    - aws_ec2_classic_load_balancer
   Parameters: []
   PrimaryTable: aws_ec2_classic_load_balancer
-  QueryToExecute: SELECT name, arn, account_id, og_account_id, og_resource_id FROM
-    aws_ec2_classic_load_balancer
+  QueryToExecute: |
+    SELECT 
+      NAME, 
+      ARN, 
+      ACCOUNT_ID, 
+      OG_ACCOUNT_ID, 
+      OG_RESOURCE_ID 
+    FROM 
+      AWS_EC2_CLASSIC_LOAD_BALANCER
 Tags:
   category:
-  - Security
-  - Technical Debt
-  - Resiliency
+    - Security
+    - Technical Debt
+    - Resiliency
   persona:
-  - Executive
-  - Product
-  - FinOps
-Title: Classic Load Balancers
+    - Executive
+    - Product
+    - FinOps
+Title: Classic Load Balancers

queries/14-aws_insight_elb_classic_lb_use_ssl_certificate.yaml

@@ -1,29 +1,43 @@
-Description: List all Load Balancers with out SSL
+Description: List all Load Balancers without SSL
 ID: aws_insight_elb_classic_lb_use_ssl_certificate
 IntegrationType:
-- aws_cloud_account
+  - aws_cloud_account
 Query:
   Engine: CloudQL-v0.0.1
   ListOfTables:
-  - aws_ec2_classic_load_balancer
+    - aws_ec2_classic_load_balancer
   Parameters: []
   PrimaryTable: aws_ec2_classic_load_balancer
-  QueryToExecute: "with detailed_classic_listeners as (\n  select\n    name\n  from\n\
-    \    aws_ec2_classic_load_balancer,\n    jsonb_array_elements(listener_descriptions)\
-    \ as listener_description\n  where\n    listener_description -> 'Listener' ->>\
-    \ 'Protocol' in ('HTTPS', 'SSL', 'TLS')\n    and listener_description -> 'Listener'\
-    \ ->> 'SSLCertificateId' like 'arn:aws:acm%'\n)\nselect\n  -- Required Columns\n\
-    \  'arn:' || a.partition || ':elasticloadbalancing:' || a.region || ':' || a.account_id\
-    \ || ':loadbalancer/' || a.name as resource,\n  case\n    when a.listener_descriptions\
-    \ is null then 'skip'\n    when b.name is not null then 'alarm'\n    else 'ok'\n\
-    \  end as status,\n  case\n    when a.listener_descriptions is null then a.title\
-    \ || ' has no listener.'\n    when b.name is not null then a.title || ' does not\
-    \ use certificates provided by ACM.'\n    else a.title || ' uses certificates\
-    \ provided by ACM.'\n  end as reason,\n  -- Additional Dimensions\n  region,\n\
-    \  account_id, og_account_id, og_resource_id\nfrom\n  aws_ec2_classic_load_balancer\
-    \ as a\n  left join detailed_classic_listeners as b on a.name = b.name;"
+  QueryToExecute: |
+    WITH detailed_classic_listeners AS (
+      SELECT
+        name
+      FROM
+        aws_ec2_classic_load_balancer,
+        jsonb_array_elements(listener_descriptions) AS listener_description
+      WHERE
+        listener_description -> 'Listener' ->> 'Protocol' IN ('HTTPS', 'SSL', 'TLS')
+        AND listener_description -> 'Listener' ->> 'SSLCertificateId' LIKE 'arn:aws:acm%'
+    )
+    SELECT
+      'arn:' || a.partition || ':elasticloadbalancing:' || a.region || ':' || a.account_id || ':loadbalancer/' || a.name AS resource,
+      CASE
+        WHEN a.listener_descriptions IS NULL THEN 'skip'
+        WHEN b.name IS NOT NULL THEN 'alarm'
+        ELSE 'ok'
+      END AS status,
+      CASE
+        WHEN a.listener_descriptions IS NULL THEN a.title || ' has no listener.'
+        WHEN b.name IS NOT NULL THEN a.title || ' does not use certificates provided by ACM.'
+        ELSE a.title || ' uses certificates provided by ACM.'
+      END AS reason,
+      region,
+      account_id, og_account_id, og_resource_id
+    FROM
+      aws_ec2_classic_load_balancer AS a
+    LEFT JOIN detailed_classic_listeners AS b ON a.name = b.name;
 Tags:
   category:
-  - Security
-  - Technical Debt
-Title: Load Balancers with no SSL
+    - Security
+    - Technical Debt
+Title: Load Balancers with no SSL

queries/15-aws_insight_elb_application_lb_waf_enabled.yaml

@@ -1,22 +1,32 @@
 Description: List all ELB with no WAF.
 ID: aws_insight_elb_application_lb_waf_enabled
 IntegrationType:
-- aws_cloud_account
+  - aws_cloud_account
 Query:
   Engine: CloudQL-v0.0.1
   ListOfTables:
-  - aws_ec2_application_load_balancer
+    - aws_ec2_application_load_balancer
   Parameters: []
   PrimaryTable: aws_ec2_application_load_balancer
-  QueryToExecute: "select\n  -- Required Columns\n  arn as resource, account_id, og_account_id,\
-    \ og_resource_id,\n  case\n    when load_balancer_attributes @> '[{\"Key\":\"\
-    waf.fail_open.enabled\",\"Value\":\"true\"}]' then 'ok'\n    else 'alarm'\n  end\
-    \ as status,\n  case\n    when load_balancer_attributes @> '[{\"Key\":\"waf.fail_open.enabled\"\
-    ,\"Value\":\"true\"}]' then title || ' WAF enabled.'\n    else title || ' WAF\
-    \ disabled.'\n  end as reason,\n  -- Additional Dimensions\n  region \nfrom\n\
-    \  aws_ec2_application_load_balancer;"
+  QueryToExecute: |
+    SELECT
+      arn AS resource,
+      account_id,
+      og_account_id,
+      og_resource_id,
+      CASE
+        WHEN load_balancer_attributes @> '[{"Key":"waf.fail_open.enabled","Value":"true"}]' THEN 'ok'
+        ELSE 'alarm'
+      END AS status,
+      CASE
+        WHEN load_balancer_attributes @> '[{"Key":"waf.fail_open.enabled","Value":"true"}]' THEN title || ' WAF enabled.'
+        ELSE title || ' WAF disabled.'
+      END AS reason,
+      region
+    FROM
+      aws_ec2_application_load_balancer;
 Tags:
   category:
-  - Security
-  - Technical Debt
-Title: Load Balancers with no WAF
+    - Security
+    - Technical Debt
+Title: Load Balancers with no WAF

queries/16-aws_insight_vpc_with_public_cidr.yaml

@@ -1,21 +1,32 @@
 Description: List VPCs with public CIDR blocks
 ID: aws_insight_vpc_with_public_cidr
 IntegrationType:
-- aws_cloud_account
+  - aws_cloud_account
 Query:
   Engine: CloudQL-v0.0.1
   ListOfTables:
-  - aws_vpc
+    - aws_vpc
   Parameters: []
   PrimaryTable: aws_vpc
-  QueryToExecute: "select\n  vpc_id,\n  cidr_block,\n  state,\n  region, account_id,\
-    \ og_account_id, og_resource_id\nfrom\n  aws_vpc\nwhere\n  (not cidr_block <<=\
-    \ '10.0.0.0/8'\n  and not cidr_block <<= '192.168.0.0/16'\n  and not cidr_block\
-    \ <<= '172.16.0.0/12');"
+  QueryToExecute: |
+    SELECT
+      vpc_id,
+      cidr_block,
+      state,
+      region,
+      account_id,
+      og_account_id,
+      og_resource_id
+    FROM
+      aws_vpc
+    WHERE
+      (NOT cidr_block <<= '10.0.0.0/8'
+      AND NOT cidr_block <<= '192.168.0.0/16'
+      AND NOT cidr_block <<= '172.16.0.0/12');
 Tags:
   category:
-  - Security
-  - Technical Debt
-  - Resiliency
-  - Cost Management
-Title: VPCs with Public IP Range
+    - Security
+    - Technical Debt
+    - Resiliency
+    - Cost Management
+Title: VPCs with Public IP Range