PLA-29459 - Update Readme and tox file

README.md

@@ -134,7 +134,7 @@ The table below lists all the supported jobs with their links.
 |   21.  	| 688d093c-3b8d-11eb-adc1-0242ac120002 	|                     S3 bucket should allow only HTTPS requests                    	|             [aws-s3-bucket-policy-allow-https](remediation_worker/jobs/aws_s3_bucket_policy_allow_https)             	|
 |   22.  	| 09639b9d-98e8-493b-b8a4-916775a7dea9 	|            SQS queue policy should restricted access to required users            	|            [aws-sqs-queue-publicly-accessible](remediation_worker/jobs/aws_sqs_queue_publicly_accessible)            	|
 |   23.  	| 1ec4a1f2-3e08-11eb-b378-0242ac130002 	| Network ACL should restrict administration ports (3389 and 22) from public access 	| [aws-ec2-administration-ports-ingress-allowed](remediation_worker/jobs/aws_ec2_administration_ports_ingress_allowed) 	|
-|   24.  	| ce603728-d631-4bae-8657-c22da6e5944e | Kinesis data stream should be encrypted  
+|   24.  	| ce603728-d631-4bae-8657-c22da6e5944e | Kinesis data stream should be encrypted  | [kinesis-encrypt-stream](remediation_worker/jobs/kinesis_encrypt_stream) 	|
 |   25.   	|       5c8c263d7a550e1fb6560c39        |            EC2 instance should restrict public access to FTP data port (20)           |                            [ec2-close-port-20](remediation_worker/jobs/ec2_close_port_20)                            	|
 |   26.   	| 4823ede0-7bed-4af0-a182-81c2ada80203  |            EC2 instance should restrict public access to Kibana (5601)            	|                            [ec2-close-port-5601](remediation_worker/jobs/ec2_close_port_5601)                            |
 |   27.   	|       5c8c26427a550e1fb6560c41     |               EC2 instance should restrict public access to MySQL server port (3306)     |                            [ec2-close-port-3306](remediation_worker/jobs/ec2_close_port_3306)                            |
@@ -149,6 +149,10 @@ The table below lists all the supported jobs with their links.
 |   36.  	| 2cdb8877-7ac3-4483-9ed0-1e792171d125 	| EBS volume snapshot should be private                                                 | [ebs-private-snapshot](remediation_worker/jobs/ebs_private_snapshot) 	|
 |   37.  	| 5c8c26467a550e1fb6560c48              | RDS instance should restrict public access                                            | [rds-remove-public-endpoint](remediation_worker/jobs/rds_remove_public_endpoint) 	|
 |   38.  	| 5c8c264a7a550e1fb6560c4c              | RDS should have automatic minor version upgrades enabled                              | [rds-enable-version-update](remediation_worker/jobs/rds_enable_version_update) 	|
+|   39.  	| 5c8c25f37a550e1fb6560bca              | EC2 VPC default security group should restrict all access                               | [aws-ec2-default-security-group-traffic](remediation_worker/jobs/aws_ec2_default_security_group_traffic) 	|
+|   40.  	| 5c8c260b7a550e1fb6560bf4              | IAM password policy should set a minimum length                               | [aws-iam-password-policy-min-length](remediation_worker/jobs/aws_iam_password_policy_min_length) 	|
+|   41.  	| 5c8c26107a550e1fb6560bfc              | IAM password policy should prevent password reuse                               | [aws-iam-password-reuse-prevention](remediation_worker/jobs/aws_iam_password_reuse_prevention) 	|
+|   42.  	| 7fe4eb28-3b82-11eb-adc1-0242ac120002              | IAM server certificates that are expired should be removed                               | [aws-iam-server-certificate-expired](remediation_worker/jobs/aws_iam_server_certificate_expired) 	|
 
 ## Contributing
 The Secure State team welcomes welcomes contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a Pull Request. For any questions about the CLA process, please refer to our [FAQ](https://cla.vmware.com/faq).

tox.ini

@@ -2,17 +2,21 @@
 minversion = 3.6.0
 skip_missing_interpreters = true
 envlist =
-        unit-ec2-close-port-5601
-        unit-ec2-close-port-5439
-        unit-ec2-close-port-3306
-        unit-ec2-close-port-27017
-        unit-ec2-close-port-23
-        unit-ec2-close-port-21
-        unit-ec2-close-port-20
-        unit-ec2-close-port-1521
-        unit-ec2-close-port-1433
-        unit-ec2-close-port-8080
-        unit-ec2-close-port-8200-9300
+	unit-aws-ec2-default-security-group-traffic
+	unit-aws-iam-password-policy-min-length
+	unit-aws-iam-password-reuse-prevention
+	unit-aws-iam-server-certificate-expired
+	unit-ec2-close-port-5601
+	unit-ec2-close-port-5439
+	unit-ec2-close-port-3306
+	unit-ec2-close-port-27017
+	unit-ec2-close-port-23
+	unit-ec2-close-port-21
+	unit-ec2-close-port-20
+	unit-ec2-close-port-1521
+	unit-ec2-close-port-1433
+	unit-ec2-close-port-8080
+	unit-ec2-close-port-8200-9300
 	unit-security-group-close-port-5432
 	unit-s3-remove-public-admin-acl
 	unit-s3-enable-access-logging
@@ -52,10 +56,10 @@ envlist =
 	unit-azure-postgresql-allow-access-to-azure-service-disabled
 	unit-aws-s3-bucket-policy-allow-https
 	unit-aws-sqs-queue-publicly-accessible
-  unit-ebs-private-snapshot
-  unit-rds-remove-public-endpoint
-  unit-rds_enable_version_update
-  unit-kinesis-encrypt-stream
+	unit-ebs-private-snapshot
+	unit-rds-remove-public-endpoint
+	unit-rds_enable_version_update
+	unit-kinesis-encrypt-stream
 
 
 [testenv]
@@ -390,3 +394,23 @@ deps = -r remediation_worker/jobs/ec2_close_port_9200_9300/requirements-dev.txt
 changedir = test
 pytest --capture=no --basetemp="{envtmpdir}" unit/test_ec2_close_port_8080.py
 deps = -r remediation_worker/jobs/ec2_close_port_8080/requirements-dev.txt
+
+[testenv:unit-aws-ec2-default-security-group-traffic]
+changedir = test
+pytest --capture=no --basetemp="{envtmpdir}" unit/test_aws_ec2_default_security_group_traffic.py
+deps = -r remediation_worker/jobs/aws_ec2_default_security_group_traffic/requirements-dev.txt
+
+[testenv:unit-aws-iam-password-policy-min-length]
+changedir = test
+pytest --capture=no --basetemp="{envtmpdir}" unit/test_aws_iam_password_policy_min_length.py
+deps = -r remediation_worker/jobs/aws_iam_password_policy_min_length/requirements-dev.txt
+
+[testenv:unit-aws-iam-password-reuse-prevention]
+changedir = test
+pytest --capture=no --basetemp="{envtmpdir}" unit/test_aws_iam_password_reuse_prevention.py
+deps = -r remediation_worker/jobs/aws_iam_password_reuse_prevention/requirements-dev.txt
+
+[testenv:unit-aws-iam-server-certificate-expired]
+changedir = test
+pytest --capture=no --basetemp="{envtmpdir}" unit/test_aws_iam_server_certificate_expired.py
+deps = -r remediation_worker/jobs/aws_iam_server_certificate_expired/requirements-dev.txt