# Step 1: Evidence Details

|System|Source of data|Frameworks|Purpose|
|---|---|---|---|
|aws|compliancecow||Filter the AWS Config rule evaluation details and produce compliance data based on the provided rule configuration file.|

```
RecomendedEvidenceName: Evidence name is provided in the rule configuration file.
```

# Step 2: Define the System Specific Data (a.k.a Extended Data Schema)


```
# RuleConfigFile Sample

{
    "RuleName": "ec2-instance-profile-attached",
    "EvidenceName": "Ec2InstanceProfileAttached",
    "COMPLIANT": [
        {
            "ValidationStatusCode": "EC2_INSTANCE_PROFILE_ATTACHED",
            "ValidationStatusNotes": "An IAM profile is attached to the Amazon EC2 instance.",
            "ComplianceStatusReason": "The Amazon EC2 instance has an IAM profile attached. This allows for secure and controlled access to AWS resources by granting specific permissions"
        }
    ],
    "NON_COMPLIANT": [
        {
            "ValidationStatusCode": "EC2_INSTANCE_PROFILE_NOT_ATTACHED",
            "ValidationStatusNotes": "No IAM profile is attached to the Amazon EC2 instance.",
            "ComplianceStatusReason": "The Amazon EC2 instance does not have an IAM profile attached. Without an IAM profile attached an EC2 instance lacks access to required AWS resources, potentially causing functionality issues or security gaps"
        }
    ]
}


# Rule list sample

{
    "ConfigRuleArn": "arn:aws:config:us-west-2:06845792626:config-rule/config-rule-test",
    "ConfigRuleId": "config-rule-test",
    "ConfigRuleName": "ec2-instance-profile-attached",
    "ConfigRuleState": "ACTIVE",
    "CreatedBy": null,
    "Description": "Checks if an Amazon Elastic Compute Cloud (Amazon EC2) instance has an Identity and Access Management (IAM) profile attached to it. This rule is NON_COMPLIANT if no IAM profile is attached to the Amazon EC2 instance.",
    "InputParameters": "{}",
    "MaximumExecutionFrequency": null,
    "Scope": {
        "ComplianceResourceId": null,
        "ComplianceResourceTypes": [
            "AWS::EC2::Instance"
        ],
        "TagKey": null,
        "TagValue": null
    },
    "Source": {
        "CustomPolicyDetails": null,
        "Owner": "AWS",
        "SourceDetails": null,
        "SourceIdentifier": "EC2_INSTANCE_PROFILE_ATTACHED"
    }
}


# EvaluationResult Sample

{
    "EvaluationResult": {
        "Annotation": null,
        "ComplianceType": "COMPLIANT",
        "ConfigRuleInvokedTime": "2022-01-25T03:21:09.75Z",
        "EvaluationResultIdentifier": {
            "EvaluationResultQualifier": {
                "ConfigRuleName": "ec2-instance-profile-attached",
                "ResourceId": "i-071cdvakj90e43",
                "ResourceType": "AWS::EC2::Instance"
            },
            "OrderingTimestamp": "2022-01-25T03:20:39.787Z"
        },
        "ResultRecordedTime": "2022-01-25T03:21:10.013Z",
        "ResultToken": null
    },
    "ResourceName": "",
    "AwsRegion": ""
}
```


# Step 3: Define the Standard Schema
  


```
{
    "System": "aws",
    "Source": "aws_config",
    "ResourceId": "i-071cdvakj90e43",
    "ResourceName": "",
    "ResourceType": "AWS::EC2::Instance",
    "ResourceLocation": "",
    "ResourceURL": "N/A", # Resource URL is applicable for restricted resources
    "ConfigRuleName": "ec2-instance-profile-attached",
    "ValidationStatusCode": "EC2_INSTANCE_PROFILE_ATTACHED",
    "ValidationStatusNotes": "An IAM profile is attached to the Amazon EC2 instance.",
    "ComplianceStatus": "COMPLIANT",
    "ComplianceStatusReason": "The Amazon EC2 instance has an IAM profile attached. This allows for secure and controlled access to AWS resources by granting specific permissions",
    "EvaluationTime": "2022-01-25T03:21:10.013Z",
    "UserAction": "",
    "ActionStatus": "",
    "ActionResponseURL": ""
}
```

# Step 3.a: Sample Data

| System | Source      | ResourceId       | ResourceName | ResourceType          | ResourceLocation | ResourceURL | ConfigRuleName                  | ValidationStatusCode           | ValidationStatusNotes                                       | ComplianceStatus | ComplianceStatusReason                                                                                           | EvaluationTime           | UserAction | ActionStatus | ActionResponseURL |
|--------|-------------|------------------|--------------|-----------------------|------------------|-------------|--------------------------------|--------------------------------|-------------------------------------------------------------|------------------|------------------------------------------------------------------------------------------------------------------|--------------------------|------------|-------------|-------------------|
| aws    | aws_config  | i-071cdvakj90e43 |              | AWS::EC2::Instance    |                  | N/A         | ec2-instance-profile-attached   | EC2_INSTANCE_PROFILE_ATTACHED   | An IAM profile is attached to the Amazon EC2 instance.        | COMPLIANT        | The Amazon EC2 instance has an IAM profile attached. This allows for secure and controlled access to AWS resources by granting specific permissions. | 2022-01-25T03:21:10.013Z |            |             |                   |


# Step 4: Describe the Compliance Taxonomy

ValidationStatusCode, ValidationStatusNotes, ComplianceStatus, and ComplianceStatusReason are set from the rule configuration file. See the example below.



| **ValidationStatusCode**         | **ValidationStatusNotes**                          | **ComplianceStatus** | **ComplianceStatusReason**                                                                                                                                                    |
|---------------------------------|----------------------------------------------------|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| EC2_INSTANCE_PROFILE_ATTACHED   | An IAM profile is attached to the Amazon EC2 instance. | COMPLIANT            | The Amazon EC2 instance has an IAM profile attached. This allows for secure and controlled access to AWS resources by granting specific permissions. |
| EC2_INSTANCE_PROFILE_NOT_ATTACHED   | No IAM profile is attached to the Amazon EC2 instance. | NON_COMPLIANT            | The Amazon EC2 instance does not have an IAM profile attached. Without an IAM profile attached an EC2 instance lacks access to required AWS resources, potentially causing functionality issues or security gaps |

# Step 5: Calculation for Compliance Percentage and Status




```
# Calculation of Compliance Percentage

TotalRecordCount = Count of 'COMPLIANT' and 'NON_COMPLIANT' records
FailedRecordCount = Count of 'NON_COMPLIANT' records

CompliancePCT = int(100 - ((FailedRecordCount * 100) / TotalRecordCount))

# Compliance Status
COMPLIANT - 100%
NON_COMPLIANT - 0% to less than 100%
```
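The Step 4 taxonomy lookup and the Step 5 calculation, combined in an added Python example that is not the ComplianceCow rule's own code. The helper names, the constructed resource IDs, taking the first entry of each taxonomy list, filling `ResourceLocation` from `AwsRegion`, and returning `NOT_DETERMINED` when no record is counted are all assumptions. Schema fields that cannot be derived from the inputs (`ResourceURL`, `UserAction`, and so on) are omitted.

```python
# Constructed rule configuration in the RuleConfigFile shape (reason text shortened).
RULE_CONFIG = {
    "RuleName": "ec2-instance-profile-attached",
    "COMPLIANT": [{
        "ValidationStatusCode": "EC2_INSTANCE_PROFILE_ATTACHED",
        "ValidationStatusNotes": "An IAM profile is attached to the Amazon EC2 instance.",
        "ComplianceStatusReason": "The Amazon EC2 instance has an IAM profile attached.",
    }],
    "NON_COMPLIANT": [{
        "ValidationStatusCode": "EC2_INSTANCE_PROFILE_NOT_ATTACHED",
        "ValidationStatusNotes": "No IAM profile is attached to the Amazon EC2 instance.",
        "ComplianceStatusReason": "The Amazon EC2 instance does not have an IAM profile attached.",
    }],
}

def make_evaluation(resource_id, compliance_type):
    """Build a constructed record in the EvaluationResult sample's shape."""
    return {"EvaluationResult": {
                "ComplianceType": compliance_type,
                "EvaluationResultIdentifier": {"EvaluationResultQualifier": {
                    "ConfigRuleName": "ec2-instance-profile-attached",
                    "ResourceId": resource_id, "ResourceType": "AWS::EC2::Instance"}},
                "ResultRecordedTime": "2022-01-25T03:21:10.013Z"},
            "ResourceName": "", "AwsRegion": ""}

def to_standard_record(item, rule_config):
    """Map one evaluation to the standard schema; None if the config has no entry for it."""
    result = item["EvaluationResult"]
    qualifier = result["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
    taxonomy = rule_config.get(result["ComplianceType"])  # e.g. NOT_APPLICABLE is unmapped
    if qualifier["ConfigRuleName"] != rule_config["RuleName"] or not taxonomy:
        return None
    return {"System": "aws", "Source": "aws_config",
            "ResourceId": qualifier["ResourceId"], "ResourceName": item["ResourceName"],
            "ResourceType": qualifier["ResourceType"],
            "ResourceLocation": item["AwsRegion"],  # assumption: location is the region
            "ConfigRuleName": qualifier["ConfigRuleName"],
            "ComplianceStatus": result["ComplianceType"],
            "EvaluationTime": result["ResultRecordedTime"],
            **taxonomy[0]}  # assumption: the first entry of the list applies

def compliance_summary(records):
    """Return (CompliancePCT, status) per Step 5; (None, 'NOT_DETERMINED') if nothing counted."""
    counted = [r for r in records if r["ComplianceStatus"] in ("COMPLIANT", "NON_COMPLIANT")]
    failed = sum(r["ComplianceStatus"] == "NON_COMPLIANT" for r in counted)
    if not counted:  # assumption: avoid ZeroDivisionError; the page defines no status here
        return None, "NOT_DETERMINED"
    pct = int(100 - (failed * 100) / len(counted))  # int() truncates, so 66.67 becomes 66
    return pct, "COMPLIANT" if failed == 0 else "NON_COMPLIANT"
```

Evaluations whose `ComplianceType` has no entry in the rule configuration, such as AWS Config's `NOT_APPLICABLE` or `INSUFFICIENT_DATA`, produce no record and therefore do not dilute the percentage.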

# Step 6: Describe (in words) the Remediation Steps for Non-Compliance

1. CreateJiraTicket
2. NotifyBySlackChannel

# Step 7: Control Setup Details

| Control Details            |                               |
|----------------------------|-------------------------------|
| **RuleName**               | GetFilterAWSConfigRuleEvaualtionDetails                  |
| **PreRequisiteRuleNames**  | GetAWSConfigRuleEvaluationDetails           |
| **ApplicationClassName**   | AWSAppConnector               |