Update mappings to reflect latest ruleset (#272)

aws-cloudformation · Mar 23, 2024 · 7f7340c · 7f7340c
1 parent fcd8daf
commit 7f7340c
Show file tree

Hide file tree

Showing 53 changed files with 117 additions and 4,323 deletions.
diff --git a/mappings/cfn_nag_build.py b/mappings/cfn_nag_build.py
diff --git a/mappings/rule_set_ABS_CCIGv2_Material.json b/mappings/rule_set_ABS_CCIGv2_Material.json
@@ -326,7 +326,7 @@
       ]
     },
     {
-      "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+      "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
       "controls": [
         "section4b-design-and-secure-the-cloud-3-material-workloads",
         "section4b-design-and-secure-the-cloud-3-standard-workloads"
@@ -384,14 +384,6 @@
         "section4b-design-and-secure-the-cloud-15-standard-workloads"
       ]
     },
-    {
-      "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard",
-      "controls": [
-        "section4b-design-and-secure-the-cloud-4-material-workloads",
-        "section4b-design-and-secure-the-cloud-4-standard-workloads",
-        "section4c-run-the-cloud-4-material-workloads"
-      ]
-    },
     {
       "guardFilePath": "rules/aws/aws_kms/cmk_backing_key_rotation_enabled.guard",
       "controls": [
@@ -458,14 +450,6 @@
         "section4b-design-and-secure-the-cloud-12-standard-workloads"
       ]
     },
-    {
-      "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
-      "controls": [
-        "section4b-design-and-secure-the-cloud-6-standard-workloads",
-        "section4b-design-and-secure-the-cloud-12-standard-workloads",
-        "section4b-design-and-secure-the-cloud-15-standard-workloads"
-      ]
-    },
     {
       "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard",
       "controls": [
@@ -507,14 +491,6 @@
         "section4b-design-and-secure-the-cloud-15-standard-workloads"
       ]
     },
-    {
-      "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
-      "controls": [
-        "section4b-design-and-secure-the-cloud-6-standard-workloads",
-        "section4b-design-and-secure-the-cloud-12-standard-workloads",
-        "section4b-design-and-secure-the-cloud-15-standard-workloads"
-      ]
-    },
     {
       "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
       "controls": [
@@ -532,12 +508,6 @@
         "section4c-run-the-cloud-3-standard-workloads"
       ]
     },
-    {
-      "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
-      "controls": [
-        "section4b-design-and-secure-the-cloud-6-standard-workloads"
-      ]
-    },
     {
       "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard",
       "controls": [
@@ -574,25 +544,13 @@
         "section4b-design-and-secure-the-cloud-12-standard-workloads"
       ]
     },
-    {
-      "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
-      "controls": [
-        "section4b-design-and-secure-the-cloud-6-standard-workloads"
-      ]
-    },
     {
       "guardFilePath": "rules/aws/amazon_s3/s3_default_encryption_kms.guard",
       "controls": [
         "section4b-design-and-secure-the-cloud-6-standard-workloads",
         "section4b-design-and-secure-the-cloud-15-standard-workloads"
       ]
     },
-    {
-      "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
-      "controls": [
-        "section4b-design-and-secure-the-cloud-6-standard-workloads"
-      ]
-    },
     {
       "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard",
       "controls": [

diff --git a/mappings/rule_set_ABS_CCIGv2_Standard.json b/mappings/rule_set_ABS_CCIGv2_Standard.json
@@ -286,7 +286,7 @@
       ]
     },
     {
-      "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+      "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
       "controls": [
         "section4b-design-and-secure-the-cloud-3-standard-workloads"
       ]
@@ -312,12 +312,6 @@
         "section4b-design-and-secure-the-cloud-15-standard-workloads"
       ]
     },
-    {
-      "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard",
-      "controls": [
-        "section4b-design-and-secure-the-cloud-4-standard-workloads"
-      ]
-    },
     {
       "guardFilePath": "rules/aws/aws_certificate_manager/acm_certificate_expiration_check.guard",
       "controls": [
@@ -381,14 +375,6 @@
         "section4b-design-and-secure-the-cloud-12-standard-workloads"
       ]
     },
-    {
-      "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
-      "controls": [
-        "section4b-design-and-secure-the-cloud-6-standard-workloads",
-        "section4b-design-and-secure-the-cloud-12-standard-workloads",
-        "section4b-design-and-secure-the-cloud-15-standard-workloads"
-      ]
-    },
     {
       "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard",
       "controls": [
@@ -430,14 +416,6 @@
         "section4b-design-and-secure-the-cloud-15-standard-workloads"
       ]
     },
-    {
-      "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
-      "controls": [
-        "section4b-design-and-secure-the-cloud-6-standard-workloads",
-        "section4b-design-and-secure-the-cloud-12-standard-workloads",
-        "section4b-design-and-secure-the-cloud-15-standard-workloads"
-      ]
-    },
     {
       "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
       "controls": [
@@ -454,12 +432,6 @@
         "section4c-run-the-cloud-3-standard-workloads"
       ]
     },
-    {
-      "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
-      "controls": [
-        "section4b-design-and-secure-the-cloud-6-standard-workloads"
-      ]
-    },
     {
       "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard",
       "controls": [
@@ -496,25 +468,13 @@
         "section4b-design-and-secure-the-cloud-12-standard-workloads"
       ]
     },
-    {
-      "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
-      "controls": [
-        "section4b-design-and-secure-the-cloud-6-standard-workloads"
-      ]
-    },
     {
       "guardFilePath": "rules/aws/amazon_s3/s3_default_encryption_kms.guard",
       "controls": [
         "section4b-design-and-secure-the-cloud-6-standard-workloads",
         "section4b-design-and-secure-the-cloud-15-standard-workloads"
       ]
     },
-    {
-      "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
-      "controls": [
-        "section4b-design-and-secure-the-cloud-6-standard-workloads"
-      ]
-    },
     {
       "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard",
       "controls": [