reference.yaml in outliers-0.3.0 vs reference.yaml in outliers-0.3.1
- old
+ new
@@ -1,38 +1,28 @@
-all:
- credentials:
- access_key_id: AWS Account Access Key
- secret_access_key: AWS Account Secret Key
- region: AWS Region (Default us-east-1)
- resources:
- shared:
- description: Verifications which are available to all resources.
- verifications:
- none_exist:
- description: Verify no resources exist in list.
- equals:
- description: Verify no resources match the given list of keys.
- args: 'keys: [KEY1,KEY2]'
-
aws_cloud_formation:
credentials:
access_key_id: AWS Account Access Key
secret_access_key: AWS Account Secret Key
- region: AWS Region (Default us-east-1)
+ region: AWS Region
resources:
stack:
description: AWS Cloud Formation Stack
+ filters: {}
verifications: {}
aws_ec2:
credentials:
access_key_id: AWS Account Access Key
secret_access_key: AWS Account Secret Key
- region: AWS Region (Default us-east-1)
+ region: AWS Region
resources:
instance:
description: AWS EC2 Instance
+ filters:
+ tag:
+ description: Filter instances tagged with the given tag name and value.
+ args: 'TAG_NAME:VALUE'
verifications:
classic:
description: Instance is in AWS Classic (No VPC).
source_dest_check:
description: Instance source dest check set to true.
@@ -43,38 +33,42 @@
args: 'image_ids: [IMAGE_ID1, IMAGEID2]'
vpc:
description: Instance is in a VPC.
security_group:
description: AWS EC2 Security Group
+ filters: {}
verifications:
no_public_internet_ingress:
description: Security Group has no rules open to 0.0.0.0/0.
image:
description: AWS EC2 AMI
+ filters: {}
verifications: {}
aws_elb:
credentials:
access_key_id: AWS Account Access Key
secret_access_key: AWS Account Secret Key
- region: AWS Region (Default us-east-1)
+ region: AWS Region
resources:
load_balancer:
description: AWS ELB (Elastic Load Balancer)
+ filters: {}
verifications:
ssl_certificates_valid:
description: Validates all SSL certificates associated with an ELB are valid for given number of days.
args: 'days: DAYS'
aws_iam:
credentials:
access_key_id: AWS Account Access Key
secret_access_key: AWS Account Secret Key
- region: AWS Region (Default us-east-1)
+ region: AWS Region
resources:
user:
description: AWS IAM User
+ filters: {}
verifications:
mfa_enabled:
description: Verify MFA enabled for user.
no_access_keys:
description: Verify user has no access keys.
@@ -83,32 +77,35 @@
aws_rds:
credentials:
access_key_id: AWS Account Access Key
secret_access_key: AWS Account Secret Key
- region: AWS Region (Default us-east-1)
+ region: AWS Region
resources:
db_instance:
description: AWS RDS Database Instance
+ filters: {}
verifications:
backup_retention_period:
description: Validate the backup retention period equals given days for the db_instance.
args: 'days: DAYS'
multi_az:
description: RDS Multi AZ set to yes.
db_snapshot:
description: AWS RDS Database Snapshot
+ filters: {}
verifications: {}
aws_s3:
credentials:
access_key_id: AWS Account Access Key
secret_access_key: AWS Account Secret Key
- region: AWS Region (Default us-east-1)
+ region: AWS Region
resources:
bucket:
description: AWS S3 Bucket
+ filters: {}
verifications:
empty:
description: Bucket has no objects.
no_public_objects:
description: Bucket has no public accessible objects.
@@ -119,10 +116,11 @@
aws_sqs:
credentials:
access_key_id: AWS Account Access Key
secret_access_key: AWS Account Secret Key
- region: AWS Region (Default us-east-1)
+ region: AWS Region
resources:
queue:
description: AWS SQS Queue
+ filters: {}
verifications: {}