feat(aws): New CloudTrail, DLM, DocumentDB, EC2, Account and Support checks

[jit-contrib]

Context

Adding 6 new AWS rules

Description

This PR implement the fixes suggested in #2645.

List of new added rules:

• account_maintain_different_contact_details_to_security_billing_and_operations
• cloudtrail_multi_region_enabled_logging_management_events
• dlm_ebs_snapshot_lifecycle_policy_exists
• ec2_ebs_volume_snapshots_exists
• documentdb_instance_storage_encrypted
• trustedadvisor_premium_support_plan_subscribed

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[codecov]

Codecov Report

Merging #2675 (01c55c8) into master (6558aed) will increase coverage by 0.03%.
Report is 44 commits behind head on master.
The diff coverage is 91.01%.

@@            Coverage Diff             @@
##           master    #2675      +/-   ##
==========================================
+ Coverage   86.23%   86.26%   +0.03%     
==========================================
  Files         539      551      +12     
  Lines       17453    17632     +179     
==========================================
+ Hits        15051    15211     +160     
- Misses       2402     2421      +19     

Files	Coverage Δ
...tact_details_to_security_billing_and_operations.py	100.00% <100.00%> (ø)
..._region_enabled/cloudtrail_multi_region_enabled.py	100.00% <ø> (ø)
..._multi_region_enabled_logging_management_events.py	100.00% <100.00%> (ø)
..._enabled/cloudtrail_s3_dataevents_write_enabled.py	100.00% <ø> (ø)
...ders/aws/services/cloudtrail/cloudtrail_service.py	90.35% <ø> (ø)
prowler/providers/aws/services/dlm/dlm_client.py	100.00% <100.00%> (ø)
...exists/dlm_ebs_snapshot_lifecycle_policy_exists.py	100.00% <100.00%> (ø)
prowler/providers/aws/services/dlm/dlm_service.py	100.00% <100.00%> (ø)
...iders/aws/services/documentdb/documentdb_client.py	100.00% <100.00%> (ø)
...encrypted/documentdb_instance_storage_encrypted.py	100.00% <100.00%> (ø)
... and 7 more

... and 20 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[jfagoagas]

I've left a lot of comments / changes since some parts of this PR are not coded following our guidelines:

• Some services are duplicated since documentdb (like neptune) API points to the rds API underneath.
• The support service is created within the trustedadvisor service so there is no need to have another service.
• Regarding the support check we have to include a list of accounts using the configuration file because we cannot raise a FAIL in each Prowler scan if the account has not AWS Premium Support configured.

I recommend you to follow the Prowler Developer Guide here https://docs.prowler.cloud/en/latest/developer-guide/introduction/ and we can talk more about this using the Slack.

[jfagoagas]

This check is not working as expected, in our demo environments it is raising a FAIL finding while having a multi-region CloudTrail logging all the management events. Please check this out.

[jfagoagas]

Suggested change

	raise error
	logger.error(
	f"{regional_client.region} --"
	f" {error.__class__.__name__}[{error.__traceback__.tb_lineno}]:"
	f" {error}"
	)

[jit-contrib]

In this case I'm catching an error inside a try...catch block already, the raise is to raise other errors that can happen other than the one I want to catch, and be catched and logged by the outer block. I think that the behavior will be the same, the difference is just duplicating the code to log the error instead of reuse this part of the code of the outer try...catch block. Do you prefer me to apply your change? Feel free to do it

[jfagoagas]

May thanks @jit-contrib for this huge contribution to keep improving and growing Prowler 🚀 🚀 🚀 🚀