├── .github ├── CODEOWNERS ├── dependabot.yml ├── pull_request_template.md └── workflows │ └── ci.yml ├── .gitignore ├── .go_private_repos ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── docs └── policies │ ├── cloudtrail-bucket-access-logging-enabled.md │ ├── cloudtrail-cloudwatch-logs-group-arn-present.md │ ├── cloudtrail-log-file-validation-enabled.md │ ├── cloudtrail-logs-bucket-not-public.md │ ├── cloudtrail-server-side-encryption-enabled.md │ ├── ec2-ebs-encryption-enabled.md │ ├── ec2-metadata-imdsv2-required.md │ ├── ec2-network-acl.md │ ├── ec2-security-group-ingress-traffic-restriction-port-22.md │ ├── ec2-security-group-ingress-traffic-restriction-port-3389.md │ ├── ec2-security-group-ipv4-ingress-traffic-restriction.md │ ├── ec2-security-group-ipv6-ingress-traffic-restriction.md │ ├── ec2-vpc-default-security-group-no-traffic.md │ ├── ec2-vpc-flow-logging-enabled.md │ ├── efs-encryption-at-rest-enabled.md │ ├── iam-no-admin-privileges-allowed-by-policies.md │ ├── iam-no-policies-attached-to-users.md │ ├── iam-password-expiry.md │ ├── iam-password-length.md │ ├── iam-password-lowercase.md │ ├── iam-password-numbers.md │ ├── iam-password-reuse.md │ ├── iam-password-symbols.md │ ├── iam-password-uppercase.md │ ├── kms-key-rotation-enabled.md │ ├── rds-encryption-at-rest-enabled.md │ ├── rds-minor-version-upgrade-enabled.md │ ├── rds-public-access-disabled.md │ ├── s3-block-public-access-account-level.md │ ├── s3-block-public-access-bucket-level.md │ ├── s3-enable-object-logging-for-read-events.md │ ├── s3-enable-object-logging-for-write-events.md │ ├── s3-require-mfa-delete.md │ ├── s3-require-ssl.md │ └── vpc-flow-logging-enabled.md ├── modules ├── mocks │ └── report │ │ └── report.sentinel ├── report │ ├── docs │ │ └── generate_policy_report.md │ └── report.sentinel ├── tfconfig-functions │ ├── doc │ │ ├── is_variable_reference.md │ │ └── parse_variable_name_from_reference.md │ └── tfconfig-functions.sentinel ├── tfplan-functions │ ├── doc │ │ └── get_variable_value.md │ └── tfplan-functions.sentinel └── tfresources │ ├── docs │ ├── config.md │ ├── plan.md │ └── state.md │ └── tfresources.sentinel ├── policies ├── README.md ├── cloudtrail │ ├── cloudtrail-bucket-access-logging-enabled.sentinel │ ├── cloudtrail-cloudwatch-logs-group-arn-present.sentinel │ ├── cloudtrail-log-file-validation-enabled.sentinel │ ├── cloudtrail-logs-bucket-not-public.sentinel │ ├── cloudtrail-server-side-encryption-enabled.sentinel │ └── test │ │ ├── cloudtrail-bucket-access-logging-enabled │ │ ├── failure-cloudtrail-s3-bucket-has-no-access-logging-enabled-nested-modules.hcl │ │ ├── failure-cloudtrail-s3-bucket-has-no-access-logging-enabled.hcl │ │ ├── mocks │ │ │ ├── policy-failure-cloudtrail-s3-bucket-has-no-access-logging-enabled-nested-modules │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-s3-bucket-has-no-access-logging-enabled │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-success-cloudtrail-s3-bucket-access-logging-enabled-with-constant-value │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-success-cloudtrail-s3-bucket-access-logging-enabled-with-mixed-references │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ └── policy-success-cloudtrail-s3-bucket-access-logging-enabled-with-references │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── success-cloudtrail-s3-bucket-access-logging-enabled-with-constant-value.hcl │ │ ├── success-cloudtrail-s3-bucket-access-logging-enabled-with-mixed-references.hcl │ │ └── success-cloudtrail-s3-bucket-access-logging-enabled-with-references.hcl │ │ ├── cloudtrail-cloudwatch-logs-group-arn-present │ │ ├── failure-cloudwatch-log-group-arn-attribute-missing.hcl │ │ ├── failure-cloudwatch-log-group-arn-present-but-blank.hcl │ │ ├── mocks │ │ │ ├── policy-failure-cloudwatch-logs-group-arn-attribute-missing │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-cloudwatch-logs-group-arn-present-but-blank │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ └── policy-success-cloud-watch-log-group-arn │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ └── success-cloud-watch-log-group-arn.hcl │ │ ├── cloudtrail-log-file-validation-enabled │ │ ├── failure-enable-log-file-validation-not-defined.hcl │ │ ├── failure-enable-log-file-validation-set-to-false.hcl │ │ ├── mocks │ │ │ ├── policy-failure-enable-log-file-validation-not-defined │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-enable-log-file-validation-set-to-false │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success-enable-log-file-validation │ │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success-enable-log-file-validation.hcl │ │ ├── cloudtrail-logs-bucket-not-public │ │ ├── failure-cloudtrail-has-public-s3-bucket-with-acl-resource.hcl │ │ ├── failure-cloudtrail-has-public-s3-bucket-with-inline-acl.hcl │ │ ├── failure-cloudtrail-s3-bucket-has-no-public-access-block-in-nested-modules.hcl │ │ ├── failure-cloudtrail-s3-bucket-has-no-public-access-block.hcl │ │ ├── failure-cloudtrail-s3-bucket-has-public-access-block-block-public-acls-false.hcl │ │ ├── failure-cloudtrail-s3-bucket-has-public-access-block-block_public_policy-false.hcl │ │ ├── failure-cloudtrail-s3-bucket-has-public-access-block-ignore-public-acl-false.hcl │ │ ├── failure-cloudtrail-s3-bucket-has-public-access-block-restrict-public-buckets-false.hcl │ │ ├── failure-cloudtrail-s3-bucket-public-access-block-has-missing-fields.hcl │ │ ├── mocks │ │ │ ├── policy-failure-cloudtrail-has-public-s3-bucket-with-acl-resource │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-has-public-s3-bucket-with-inline-acl │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-s3-bucket-has-no-public-access-block-in-nested-modules │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-s3-bucket-has-no-public-access-block │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-s3-bucket-has-public-access-block-block-public-acls-false │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-s3-bucket-has-public-access-block-block-public-policy-false │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-s3-bucket-has-public-access-block-ignore-public-acl-false │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-s3-bucket-has-public-access-block-restrict-public-buckets-false │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-s3-bucket-public-access-block-has-missing-fields │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-success-cloudtrail-has-private-s3-bucket-with-acl-resource │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-success-cloudtrail-has-private-s3-bucket-with-constant-value │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-success-cloudtrail-has-private-s3-bucket-with-inline-acl │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-success-cloudtrail-has-private-s3-bucket-with-mixed-references │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ └── policy-success-cloudtrail-has-private-s3-bucket-with-references │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── success-cloudtrail-has-private-s3-bucket-with-acl-resource.hcl │ │ ├── success-cloudtrail-has-private-s3-bucket-with-constant-value.hcl │ │ ├── success-cloudtrail-has-private-s3-bucket-with-inline-acl.hcl │ │ ├── success-cloudtrail-has-private-s3-bucket-with-mixed-references.hcl │ │ └── success-cloudtrail-has-private-s3-bucket-with-references.hcl │ │ └── cloudtrail-server-side-encryption-enabled │ │ ├── failure-kms-key-id-attribute-missing.hcl │ │ ├── failure-kms-key-id-present-but-blank.hcl │ │ ├── mocks │ │ ├── policy-failure-kms-key-id-attribute-missing │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── policy-failure-kms-key-id-present-but-blank │ │ │ └── mock-tfconfig-v2.sentinel │ │ └── policy-success-kms-key-id-present │ │ │ └── mock-tfconfig-v2.sentinel │ │ └── success-kms-key-id-present.hcl ├── ec2 │ ├── ec2-ebs-encryption-enabled.sentinel │ ├── ec2-metadata-imdsv2-required.sentinel │ ├── ec2-network-acl.sentinel │ ├── ec2-security-group-ingress-traffic-restriction-port.sentinel │ ├── ec2-security-group-ingress-traffic-restriction-protocol.sentinel │ ├── ec2-vpc-default-security-group-no-traffic.sentinel │ ├── ec2-vpc-flow-logging-enabled.sentinel │ └── test │ │ ├── ec2-ebs-encryption-enabled │ │ ├── failure-encrypted-attribute-not-present.hcl │ │ ├── failure-encrypted-attribute-present-but-set-to-false.hcl │ │ ├── mocks │ │ │ ├── policy-failure-encrypted-attribute-not-present │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-encrypted-attribute-present-but-set-to-false │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success-encrypted-attribute-set-to-true │ │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success-encrypted-set-to-true.hcl │ │ ├── ec2-metadata-imdsv2-required │ │ ├── mocks │ │ │ ├── policy-failure-account-level-metadata │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-instance-level-metadata │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-no-metadata │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-account-level-metadata │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success-instance-level-metadata │ │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── policy-failure-account-level-metadata.hcl │ │ ├── policy-failure-instance-level-metadata.hcl │ │ ├── policy-failure-no-metadata.hcl │ │ ├── policy-success-account-level-metadata.hcl │ │ └── policy-success-instance-level-metadata.hcl │ │ ├── ec2-network-acl │ │ ├── failure-network-acl-port.hcl │ │ ├── failure-network-acl-protocol.hcl │ │ ├── failure-network-acl-rule-port.hcl │ │ ├── failure-network-acl-rule-protocol.hcl │ │ ├── failure-network-acl-rule-source-ipv4.hcl │ │ ├── failure-network-acl-rule-source-ipv6.hcl │ │ ├── failure-network-acl-source-ipv4.hcl │ │ ├── failure-network-acl-source-ipv6.hcl │ │ ├── failure-no-input-params.hcl │ │ ├── mocks │ │ │ ├── failure-network-acl-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── failure-network-acl-protocol │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── failure-network-acl-rule-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── failure-network-acl-rule-protocol │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── failure-network-acl-rule-source-ipv4 │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── failure-network-acl-rule-source-ipv6 │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── failure-network-acl-source-ipv4 │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── failure-network-acl-source-ipv6 │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── success-network-acl-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── success-network-acl-rule-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── success-network-acl-rule-source-ipv4 │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── success-network-acl-rule-source-ipv6 │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── success-network-acl-source-ipv4 │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── success-network-acl-source-ipv6 │ │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── success-network-acl-port.hcl │ │ ├── success-network-acl-rule-port.hcl │ │ ├── success-network-acl-rule-source-ipv4.hcl │ │ ├── success-network-acl-rule-source-ipv6.hcl │ │ ├── success-network-acl-source-ipv4.hcl │ │ └── success-network-acl-source-ipv6.hcl │ │ ├── ec2-security-group-ingress-traffic-restriction-port │ │ ├── failure-sg-ingress-port-22.hcl │ │ ├── failure-sg-ingress-port-3389.hcl │ │ ├── failure-sg-ingress-protocol.hcl │ │ ├── failure-sg-ingress-source-ipv4.hcl │ │ ├── failure-sg-ingress-source-ipv6.hcl │ │ ├── failure-sg-port-22.hcl │ │ ├── failure-sg-port-3389.hcl │ │ ├── failure-sg-protocol.hcl │ │ ├── failure-sg-rule-port-22.hcl │ │ ├── failure-sg-rule-port-3389.hcl │ │ ├── failure-sg-rule-protocol.hcl │ │ ├── failure-sg-rule-source-ipv4.hcl │ │ ├── failure-sg-rule-source-ipv6.hcl │ │ ├── failure-sg-source-ipv4.hcl │ │ ├── failure-sg-source-ipv6.hcl │ │ ├── mocks │ │ │ ├── policy-failure-sg-ingress-ipv4-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-ingress-ipv6-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-ingress-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-ingress-protocol │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-ipv4-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-ipv6-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-protocol │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-rule-ipv4-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-rule-ipv6-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-rule-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-rule-protocol │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-sg-ingress-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-sg-ingress-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-sg-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-sg-rule-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-sg-rule-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success-sg-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── success-sg-ingress-port-22.hcl │ │ ├── success-sg-ingress-port-3389.hcl │ │ ├── success-sg-ingress-source.hcl │ │ ├── success-sg-port-22.hcl │ │ ├── success-sg-port-3389.hcl │ │ ├── success-sg-rule-port-22.hcl │ │ ├── success-sg-rule-port-3389.hcl │ │ ├── success-sg-rule-source.hcl │ │ └── success-sg-source.hcl │ │ ├── ec2-security-group-ingress-traffic-restriction-protocol │ │ ├── failure-sg-ingress-port-22.hcl │ │ ├── failure-sg-ingress-port-3389.hcl │ │ ├── failure-sg-ingress-protocol.hcl │ │ ├── failure-sg-ingress-source-ipv4.hcl │ │ ├── failure-sg-ingress-source-ipv6.hcl │ │ ├── failure-sg-port-22.hcl │ │ ├── failure-sg-port-3389.hcl │ │ ├── failure-sg-protocol.hcl │ │ ├── failure-sg-rule-port-22.hcl │ │ ├── failure-sg-rule-port-3389.hcl │ │ ├── failure-sg-rule-protocol.hcl │ │ ├── failure-sg-rule-source-ipv4.hcl │ │ ├── failure-sg-rule-source-ipv6.hcl │ │ ├── failure-sg-source-ipv4.hcl │ │ ├── failure-sg-source-ipv6.hcl │ │ ├── mocks │ │ │ ├── policy-failure-sg-ingress-ipv4-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-ingress-ipv6-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-ingress-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-ingress-protocol │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-ipv4-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-ipv6-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-protocol │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-rule-ipv4-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-rule-ipv6-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-rule-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-sg-rule-protocol │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-sg-default-params │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-sg-ingress-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-sg-ingress-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-sg-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-sg-rule-port │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-sg-rule-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success-sg-source │ │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── success-sg-default-params.hcl │ │ ├── success-sg-ingress-port-22.hcl │ │ ├── success-sg-ingress-port-3389.hcl │ │ ├── success-sg-ingress-source.hcl │ │ ├── success-sg-port-22.hcl │ │ ├── success-sg-port-3389.hcl │ │ ├── success-sg-rule-port-22.hcl │ │ ├── success-sg-rule-port-3389.hcl │ │ ├── success-sg-rule-source.hcl │ │ └── success-sg-source.hcl │ │ ├── ec2-vpc-default-security-group-no-traffic │ │ ├── failure-default-security-group-with-egress.hcl │ │ ├── failure-default-security-group-with-ingress.hcl │ │ ├── failure-security-group-egress-rule-references-default-security-group.hcl │ │ ├── failure-security-group-egress-rule-references-default-vpc-default-sg.hcl │ │ ├── failure-security-group-egress-rule-references-vpc-default-sg.hcl │ │ ├── failure-security-group-ingress-rule-references-default-security-group.hcl │ │ ├── failure-security-group-ingress-rule-references-default-vpc-default-sg.hcl │ │ ├── failure-security-group-ingress-rule-references-vpc-default-sg.hcl │ │ ├── failure-security-group-rule-references-default-security-group.hcl │ │ ├── failure-security-group-rule-references-default-vpc-default-sg.hcl │ │ ├── mocks │ │ │ ├── policy-failure-default-security-group-with-egress │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-default-security-group-with-ingress │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-security-group-egress-rule-references-default-security-group │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-security-group-egress-rule-references-default-vpc-default-sg │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-security-group-egress-rule-references-vpc-default-sg │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-security-group-ingress-rule-references-default-security-group │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-security-group-ingress-rule-references-default-vpc-default-sg │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-security-group-ingress-rule-references-vpc-default-sg │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-security-group-rule-references-default-security-group │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-security-group-rule-references-default-vpc-default-sg │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ ├── policy-failure-security-group-rule-references-vpc-default-sg │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ │ └── policy-success-default-security-group-no-traffic │ │ │ │ └── mock-tfconfig-v2.sentinel │ │ └── success-default-security-group-no-traffic.hcl │ │ └── ec2-vpc-flow-logging-enabled │ │ ├── failure-default-vpc-resources-flow-logging-enabled-but-different-traffic-type.hcl │ │ ├── failure-default-vpc-resources-flow-logging-not-enabled.hcl │ │ ├── failure-flow-logging-is-referenced.hcl │ │ ├── failure-vpc-resources-flow-logging-not-enabled.hcl │ │ ├── mocks │ │ ├── policy-failure-default-vpc-resources-flow-logging-enabled-but-different-traffic-type │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── policy-failure-default-vpc-resources-flow-logging-not-enabled │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── policy-failure-flow-logging-is-referenced │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── policy-failure-vpc-resources-flow-logging-not-enabled │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── policy-success-all-vpc-resources-flow-logging-enabled-with-traffic-type-all │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── policy-success-all-vpc-resources-flow-logging-enabled-with-traffic-type-reject │ │ │ └── mock-tfconfig-v2.sentinel │ │ └── policy-success-all-vpc-resources-in-nested-module │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── success-all-vpc-resources-flow-logging-enabled-with-traffic-type-all.hcl │ │ ├── success-all-vpc-resources-flow-logging-enabled-with-traffic-type-reject.hcl │ │ └── success-all-vpc-resources-in-nested-module.hcl ├── efs │ ├── efs-encryption-at-rest-enabled.sentinel │ └── test │ │ └── efs-encryption-at-rest-enabled │ │ ├── failure-encryption-disabled-with-valid-kms-key.hcl │ │ ├── failure-encryption-disabled.hcl │ │ ├── failure-encryption-enabled-kms-key-empty.hcl │ │ ├── mocks │ │ ├── policy-failure-encryption-disabled-with-valid-kms-key │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── policy-failure-encryption-disabled │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── policy-failure-encryption-enabled-kms-key-empty │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ └── mock-tfplan-v2.sentinel │ │ └── policy-success-encryption-enabled-with-valid-kms-key │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success-encryption-enabled-with-valid-kms-key.hcl ├── iam │ ├── iam-no-admin-privileges-allowed-by-policies.sentinel │ ├── iam-no-policies-attached-to-users.sentinel │ ├── iam-password-expiry.sentinel │ ├── iam-password-length.sentinel │ ├── iam-password-lowercase.sentinel │ ├── iam-password-numbers.sentinel │ ├── iam-password-reuse.sentinel │ ├── iam-password-symbols.sentinel │ ├── iam-password-uppercase.sentinel │ └── test │ │ ├── iam-no-admin-privileges-allowed-by-policies │ │ ├── failure-iam-policy-resource-with-inline-policy.hcl │ │ ├── failure-multiple-policies-allows-admin-privileges.hcl │ │ ├── failure-one-policy-allows-admin-privileges.hcl │ │ ├── failure-policy-denying-admin-privileges-but-given-inline.hcl │ │ ├── failure-policy-with-multiple-statements-allow-admin-privileges.hcl │ │ ├── mocks │ │ │ ├── policy-failure-iam-policy-resource-with-inline-policy │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfstate-v2.sentinel │ │ │ ├── policy-failure-multiple-policies-allows-admin-privileges │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfstate-v2.sentinel │ │ │ ├── policy-failure-one-policy-allows-admin-privilege │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfstate-v2.sentinel │ │ │ ├── policy-failure-policy-denying-admin-privileges-but-given-inline │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfstate-v2.sentinel │ │ │ ├── policy-failure-policy-with-multiple-statements-allow-admin-privileges │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfstate-v2.sentinel │ │ │ ├── policy-success-no-policies-allow-admin-privileges │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfstate-v2.sentinel │ │ │ ├── policy-success-one-policy-denying-admin-privilege │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfstate-v2.sentinel │ │ │ ├── policy-success-only-data-source-is-present-with-valid-policy-name │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfstate-v2.sentinel │ │ │ └── policy-success-policy-with-no-statements │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfstate-v2.sentinel │ │ ├── success-no-policies-allow-admin-privileges.hcl │ │ ├── success-one-policy-denying-admin-privilege.hcl │ │ ├── success-only-data-source-is-present-with-valid-policy-name.hcl │ │ └── success-policy-with-no-statements.hcl │ │ ├── iam-no-policies-attached-to-users │ │ ├── failure-iam-user-policy-attachment-resource.hcl │ │ ├── failure-iam-user-policy-resource.hcl │ │ ├── mocks │ │ │ ├── policy-failure-iam-user-policy-attachment-resource │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-iam-user-policy-resource │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-iam-roles-attached-to-policy │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-iam-user-attached-to-policy-via-group │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success-no-policies-attached-to-users │ │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── success-iam-roles-attached-to-policy.hcl │ │ ├── success-iam-user-attached-to-policy-via-group.hcl │ │ └── success-no-policies-attached-to-users.hcl │ │ ├── iam-password-expiry │ │ ├── failure-password-expiry.hcl │ │ ├── failure-password-max-age-attribute-not-present.hcl │ │ ├── mocks │ │ │ ├── policy-failure-password-expired │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-password-max-age-attribute-not-present │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success │ │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success-password-expiry.hcl │ │ ├── iam-password-length │ │ ├── failure-password-length.hcl │ │ ├── failure-password-minimum-password-length-attribute-not-present.hcl │ │ ├── mocks │ │ │ ├── policy-failure-password-min-length │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-password-minimum-password-length-attribute-not-present │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success │ │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success-password-length.hcl │ │ ├── iam-password-lowercase │ │ ├── failure-password-lowercase-attribute-not-present.hcl │ │ ├── faliure-password-lowercase.hcl │ │ ├── mocks │ │ │ ├── policy-failure-password-lowercase-attribute-not-present │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-password-lowercase-disabled │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success │ │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success-password-lowercase.hcl │ │ ├── iam-password-numbers │ │ ├── failure-password-numbers.hcl │ │ ├── failure-password-require-numbers-attribute-not-present.hcl │ │ ├── mocks │ │ │ ├── policy-failure-password-numbers-disabled │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-password-require-numbers-attribute-not-present │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success │ │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success-password-numbers.hcl │ │ ├── iam-password-reuse │ │ ├── failure-password-reuse-attribute-not-present.hcl │ │ ├── failure-password-reuse.hcl │ │ ├── mocks │ │ │ ├── policy-failure-password-reuse-attribute-not-present │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-password-reuse-invalid │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success │ │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success-password-reuse.hcl │ │ ├── iam-password-symbols │ │ ├── failure-password-require-symbol-attribute-not-present.hcl │ │ ├── failure-password-symbols.hcl │ │ ├── mocks │ │ │ ├── policy-failure-password-require-symbol-attribute-not-present │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-password-symbols-disabled │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success │ │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success-password-symbols.hcl │ │ └── iam-password-uppercase │ │ ├── failure-password-uppercase-attribute-not-present.hcl │ │ ├── failure-password-uppercase.hcl │ │ ├── mocks │ │ ├── policy-failure-password-uppercase-attribute-not-present │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── policy-failure-password-uppercase-disabled │ │ │ └── mock-tfplan-v2.sentinel │ │ └── policy-success │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success-password-uppercase.hcl ├── kms │ ├── kms-key-rotation-enabled.sentinel │ └── test │ │ └── kms-key-rotation-enabled │ │ ├── failure-key-rotation-disabled.hcl │ │ ├── failure-undefined-key-rotation-attribute.hcl │ │ ├── mocks │ │ ├── policy-failure-key-rotation-disabled │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── policy-failure-undefined-key-rotation-attribute │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── policy-success-kms-key-disabled │ │ │ └── mock-tfplan-v2.sentinel │ │ └── policy-success │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── success-key-rotation-enabled.hcl │ │ └── success-kms-key-disabled.hcl ├── rds │ ├── rds-encryption-at-rest-enabled.sentinel │ ├── rds-minor-version-upgrade-enabled.sentinel │ ├── rds-public-access-disabled.sentinel │ └── test │ │ ├── rds-encryption-at-rest-enabled │ │ ├── failure-storage-encrypted-attribute-not-present.hcl │ │ ├── failure-storage-encrypted-attribute-set-to-false.hcl │ │ ├── mocks │ │ │ ├── policy-failure-storage-encrypted-attribute-not-present │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-storage-encrypted-attribute-set-to-false │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success-storage-encrypted-true │ │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success-storage-encrypted-true.hcl │ │ ├── rds-minor-version-upgrade-enabled │ │ ├── failure.hcl │ │ ├── mocks │ │ │ ├── policy-failure │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success │ │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success.hcl │ │ └── rds-public-access-disabled │ │ ├── failure.hcl │ │ ├── mocks │ │ ├── policy-failure │ │ │ └── mock-tfplan-v2.sentinel │ │ └── policy-success │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success.hcl ├── s3 │ ├── s3-block-public-access-account-level.sentinel │ ├── s3-block-public-access-bucket-level.sentinel │ ├── s3-enable-object-logging-for-events.sentinel │ ├── s3-require-mfa-delete.sentinel │ ├── s3-require-ssl.sentinel │ └── test │ │ ├── s3-block-public-access-account-level │ │ ├── failure-invalid-block-public-acls-setting.hcl │ │ ├── failure-invalid-block-public-policy-setting.hcl │ │ ├── failure-invalid-ignore-public-acls-setting.hcl │ │ ├── failure-invalid-restrict-public-buckets-setting.hcl │ │ ├── mocks │ │ │ ├── policy-failure-invalid-block-public-acls-setting │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-invalid-block-public-policy-setting │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-invalid-ignore-public-acls-setting │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-invalid-restrict-public-buckets-setting │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success-account-level-s3-block-public-access-settings │ │ │ │ └── mock-tfplan-v2.sentinel │ │ └── success-account-level-s3-block-public-access-settings.hcl │ │ ├── s3-block-public-access-bucket-level │ │ ├── failure-block-public-access-settings-undefined.hcl │ │ ├── failure-invalid-block-public-acls-setting.hcl │ │ ├── failure-invalid-block-public-policy-setting.hcl │ │ ├── failure-invalid-ignore-public-acls-setting.hcl │ │ ├── failure-invalid-restrict-public-buckets-setting.hcl │ │ ├── failure-no-public-access-block-for-bucket.hcl │ │ ├── failure-s3-bucket-with-acl-defined-inline-and-public.hcl │ │ ├── failure-s3-bucket-with-acl-resource-defined-and-public.hcl │ │ ├── mocks │ │ │ ├── policy-failure-block-public-access-settings-undefined │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-invalid-block-public-acls-setting │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-invalid-block-public-policy-setting │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-invalid-ignore-public-acls-setting │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-invalid-restrict-public-buckets-setting │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-no-public-access-block-for-bucket │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-s3-bucket-with-acl-defined-inline-and-public │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-s3-bucket-with-acl-resource-defined-and-public │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-bucket-level-s3-block-public-access-settings-nested-modules │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-bucket-level-s3-block-public-access-settings-with-var │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-bucket-level-s3-block-public-access-settings │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-s3-bucket-with-acl-defined-inline-and-private │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success-s3-bucket-with-acl-resource-defined-and-private │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── success-bucket-level-s3-block-public-access-settings-nested-modules.hcl │ │ ├── success-bucket-level-s3-block-public-access-settings-with-var.hcl │ │ ├── success-bucket-level-s3-block-public-access-settings.hcl │ │ ├── success-s3-bucket-with-acl-defined-inline-and-private.hcl │ │ └── success-s3-bucket-with-acl-resource-defined-and-private.hcl │ │ ├── s3-enable-object-logging-for-events │ │ ├── failure-cloudtrail-with-invalid-data-resource-for-read-events.hcl │ │ ├── failure-cloudtrail-with-invalid-data-resource-for-write-events.hcl │ │ ├── failure-cloudtrail-with-invalid-event-selector-for-read-events.hcl │ │ ├── failure-cloudtrail-with-invalid-event-selector-for-write-events.hcl │ │ ├── failure-cloudtrail-without-event-selector-for-read-events.hcl │ │ ├── failure-cloudtrail-without-event-selector-for-write-events.hcl │ │ ├── failure-no-cloudtrail-resource-for-read-events.hcl │ │ ├── failure-no-cloudtrail-resource-for-write-events.hcl │ │ ├── mocks │ │ │ ├── policy-failure-cloudtrail-with-invalid-data-resource-for-read-events │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-with-invalid-data-resource-for-write-events │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-with-invalid-event-selector-for-read-events │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-with-invalid-event-selector-for-write-events │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-without-event-selector-for-read-events │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-cloudtrail-without-event-selector-for-write-events │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-no-cloudtrail-resource-for-read-events │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-failure-no-cloudtrail-resource-for-write-events │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-object-logging-for-read-events-catchall │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-object-logging-for-read-events-multiple-buckets │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-object-logging-for-read-events │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-object-logging-for-write-events-catchall │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── policy-success-object-logging-for-write-events-multiple-buckets │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── policy-success-object-logging-for-write-events │ │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── success-object-logging-for-read-events-catchall.hcl │ │ ├── success-object-logging-for-read-events-multiple-buckets.hcl │ │ ├── success-object-logging-for-read-events.hcl │ │ ├── success-object-logging-for-write-events-catchall.hcl │ │ ├── success-object-logging-for-write-events-multiple-buckets.hcl │ │ └── success-object-logging-for-write-events.hcl │ │ ├── s3-require-mfa-delete │ │ ├── failure-bucket-linked-mfa-disabled.hcl │ │ ├── failure-bucket-unlinked.hcl │ │ ├── failure-versioning-disabled.hcl │ │ ├── mocks │ │ │ ├── failure-bucket-linked-mfa-disabled │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── failure-bucket-unlinked │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── failure-versioning-disabled │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── success-bucket-linked-mfa-enabled-in-nested-module │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ ├── success-bucket-linked-mfa-enabled-using-var │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ │ └── success-bucket-linked-mfa-enabled │ │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ │ └── mock-tfplan-v2.sentinel │ │ ├── success-bucket-linked-mfa-enabled-in-nested-module.hcl │ │ ├── success-using-var.hcl │ │ └── success.hcl │ │ └── s3-require-ssl │ │ ├── failure-policy-is-not-datasource.hcl │ │ ├── failure-secure-transport-var-missing.hcl │ │ ├── failure-traffic-allow-ssl-diabled.hcl │ │ ├── mocks │ │ ├── failure-policy-is-not-datasource │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ └── mock-tfstate-v2.sentinel │ │ ├── failure-secure-transport-var-missing │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ └── mock-tfstate-v2.sentinel │ │ ├── failure-traffic-allow-ssl-disabled │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ └── mock-tfstate-v2.sentinel │ │ ├── success-traffic-deny-ssl-disabled-nested-modules │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ └── mock-tfstate-v2.sentinel │ │ ├── success-traffic-deny-ssl-disabled │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ └── mock-tfstate-v2.sentinel │ │ └── success-traffic-deny-ssl-enabled │ │ │ ├── mock-tfconfig-v2.sentinel │ │ │ └── mock-tfstate-v2.sentinel │ │ ├── success-traffic-deny-ssl-disabled-nested-modules.hcl │ │ ├── success-traffic-deny-ssl-disabled.hcl │ │ └── success-traffic-deny-ssl-enabled.hcl └── vpc │ ├── test │ └── vpc-flow-logging-enabled │ │ ├── failure-all-vpc-resources-flow-logging-enabled-with-traffic-type-all.hcl │ │ ├── failure-default-vpc-resources-flow-logging-enabled-but-different-traffic-type.hcl │ │ ├── failure-default-vpc-resources-flow-logging-not-enabled.hcl │ │ ├── failure-vpc-resources-flow-logging-not-enabled.hcl │ │ ├── failure.hcl │ │ ├── mocks │ │ ├── policy-failure-all-vpc-resources-flow-logging-enabled-with-traffic-type-all │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── policy-failure-default-vpc-resources-flow-logging-enabled-but-different-traffic-type │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── policy-failure-default-vpc-resources-flow-logging-not-enabled │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── policy-failure-vpc-resources-flow-logging-not-enabled │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── policy-failure │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── policy-success-all-vpc-resources-flow-logging-enabled-with-traffic-type-reject │ │ │ └── mock-tfconfig-v2.sentinel │ │ └── policy-success-all-vpc-resources-in-nested-module │ │ │ └── mock-tfconfig-v2.sentinel │ │ ├── success-all-vpc-resources-flow-logging-enabled-with-traffic-type-reject.hcl │ │ └── success-all-vpc-resources-in-nested-module.hcl │ └── vpc-flow-logging-enabled.sentinel └── sentinel.hcl /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # default PR reviews to the team 2 | * @hashicorp/team-rnd-india-policy 3 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/.github/pull_request_template.md -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/.github/workflows/ci.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/.gitignore -------------------------------------------------------------------------------- /.go_private_repos: -------------------------------------------------------------------------------- 1 | github.com/hashicorp -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/README.md -------------------------------------------------------------------------------- /docs/policies/cloudtrail-bucket-access-logging-enabled.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/cloudtrail-bucket-access-logging-enabled.md -------------------------------------------------------------------------------- /docs/policies/cloudtrail-cloudwatch-logs-group-arn-present.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/cloudtrail-cloudwatch-logs-group-arn-present.md -------------------------------------------------------------------------------- /docs/policies/cloudtrail-log-file-validation-enabled.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/cloudtrail-log-file-validation-enabled.md -------------------------------------------------------------------------------- /docs/policies/cloudtrail-logs-bucket-not-public.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/cloudtrail-logs-bucket-not-public.md -------------------------------------------------------------------------------- /docs/policies/cloudtrail-server-side-encryption-enabled.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/cloudtrail-server-side-encryption-enabled.md -------------------------------------------------------------------------------- /docs/policies/ec2-ebs-encryption-enabled.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/ec2-ebs-encryption-enabled.md -------------------------------------------------------------------------------- /docs/policies/ec2-metadata-imdsv2-required.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/ec2-metadata-imdsv2-required.md -------------------------------------------------------------------------------- /docs/policies/ec2-network-acl.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/ec2-network-acl.md -------------------------------------------------------------------------------- /docs/policies/ec2-security-group-ingress-traffic-restriction-port-22.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/ec2-security-group-ingress-traffic-restriction-port-22.md -------------------------------------------------------------------------------- /docs/policies/ec2-security-group-ingress-traffic-restriction-port-3389.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/ec2-security-group-ingress-traffic-restriction-port-3389.md -------------------------------------------------------------------------------- /docs/policies/ec2-security-group-ipv4-ingress-traffic-restriction.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/ec2-security-group-ipv4-ingress-traffic-restriction.md -------------------------------------------------------------------------------- /docs/policies/ec2-security-group-ipv6-ingress-traffic-restriction.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/ec2-security-group-ipv6-ingress-traffic-restriction.md -------------------------------------------------------------------------------- /docs/policies/ec2-vpc-default-security-group-no-traffic.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/ec2-vpc-default-security-group-no-traffic.md -------------------------------------------------------------------------------- /docs/policies/ec2-vpc-flow-logging-enabled.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/ec2-vpc-flow-logging-enabled.md -------------------------------------------------------------------------------- /docs/policies/efs-encryption-at-rest-enabled.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/efs-encryption-at-rest-enabled.md -------------------------------------------------------------------------------- /docs/policies/iam-no-admin-privileges-allowed-by-policies.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/iam-no-admin-privileges-allowed-by-policies.md -------------------------------------------------------------------------------- /docs/policies/iam-no-policies-attached-to-users.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/iam-no-policies-attached-to-users.md -------------------------------------------------------------------------------- /docs/policies/iam-password-expiry.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/iam-password-expiry.md -------------------------------------------------------------------------------- /docs/policies/iam-password-length.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/iam-password-length.md -------------------------------------------------------------------------------- /docs/policies/iam-password-lowercase.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/iam-password-lowercase.md -------------------------------------------------------------------------------- /docs/policies/iam-password-numbers.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/iam-password-numbers.md -------------------------------------------------------------------------------- /docs/policies/iam-password-reuse.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/iam-password-reuse.md -------------------------------------------------------------------------------- /docs/policies/iam-password-symbols.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/iam-password-symbols.md -------------------------------------------------------------------------------- /docs/policies/iam-password-uppercase.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/iam-password-uppercase.md -------------------------------------------------------------------------------- /docs/policies/kms-key-rotation-enabled.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/kms-key-rotation-enabled.md -------------------------------------------------------------------------------- /docs/policies/rds-encryption-at-rest-enabled.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/rds-encryption-at-rest-enabled.md -------------------------------------------------------------------------------- /docs/policies/rds-minor-version-upgrade-enabled.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/rds-minor-version-upgrade-enabled.md -------------------------------------------------------------------------------- /docs/policies/rds-public-access-disabled.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/rds-public-access-disabled.md -------------------------------------------------------------------------------- /docs/policies/s3-block-public-access-account-level.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/s3-block-public-access-account-level.md -------------------------------------------------------------------------------- /docs/policies/s3-block-public-access-bucket-level.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/s3-block-public-access-bucket-level.md -------------------------------------------------------------------------------- /docs/policies/s3-enable-object-logging-for-read-events.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/s3-enable-object-logging-for-read-events.md -------------------------------------------------------------------------------- /docs/policies/s3-enable-object-logging-for-write-events.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/s3-enable-object-logging-for-write-events.md -------------------------------------------------------------------------------- /docs/policies/s3-require-mfa-delete.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/s3-require-mfa-delete.md -------------------------------------------------------------------------------- /docs/policies/s3-require-ssl.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/s3-require-ssl.md -------------------------------------------------------------------------------- /docs/policies/vpc-flow-logging-enabled.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/docs/policies/vpc-flow-logging-enabled.md -------------------------------------------------------------------------------- /modules/mocks/report/report.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/modules/mocks/report/report.sentinel -------------------------------------------------------------------------------- /modules/report/docs/generate_policy_report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/modules/report/docs/generate_policy_report.md -------------------------------------------------------------------------------- /modules/report/report.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/modules/report/report.sentinel -------------------------------------------------------------------------------- /modules/tfconfig-functions/doc/is_variable_reference.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/modules/tfconfig-functions/doc/is_variable_reference.md -------------------------------------------------------------------------------- /modules/tfconfig-functions/doc/parse_variable_name_from_reference.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/modules/tfconfig-functions/doc/parse_variable_name_from_reference.md -------------------------------------------------------------------------------- /modules/tfconfig-functions/tfconfig-functions.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/modules/tfconfig-functions/tfconfig-functions.sentinel -------------------------------------------------------------------------------- /modules/tfplan-functions/doc/get_variable_value.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/modules/tfplan-functions/doc/get_variable_value.md -------------------------------------------------------------------------------- /modules/tfplan-functions/tfplan-functions.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/modules/tfplan-functions/tfplan-functions.sentinel -------------------------------------------------------------------------------- /modules/tfresources/docs/config.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/modules/tfresources/docs/config.md -------------------------------------------------------------------------------- /modules/tfresources/docs/plan.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/modules/tfresources/docs/plan.md -------------------------------------------------------------------------------- /modules/tfresources/docs/state.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/modules/tfresources/docs/state.md -------------------------------------------------------------------------------- /modules/tfresources/tfresources.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/modules/tfresources/tfresources.sentinel -------------------------------------------------------------------------------- /policies/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/README.md -------------------------------------------------------------------------------- /policies/cloudtrail/cloudtrail-bucket-access-logging-enabled.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/cloudtrail-bucket-access-logging-enabled.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/cloudtrail-cloudwatch-logs-group-arn-present.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/cloudtrail-cloudwatch-logs-group-arn-present.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/cloudtrail-log-file-validation-enabled.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/cloudtrail-log-file-validation-enabled.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/cloudtrail-logs-bucket-not-public.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/cloudtrail-logs-bucket-not-public.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/cloudtrail-server-side-encryption-enabled.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/cloudtrail-server-side-encryption-enabled.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-bucket-access-logging-enabled/failure-cloudtrail-s3-bucket-has-no-access-logging-enabled-nested-modules.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-bucket-access-logging-enabled/failure-cloudtrail-s3-bucket-has-no-access-logging-enabled-nested-modules.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-bucket-access-logging-enabled/failure-cloudtrail-s3-bucket-has-no-access-logging-enabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-bucket-access-logging-enabled/failure-cloudtrail-s3-bucket-has-no-access-logging-enabled.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-bucket-access-logging-enabled/success-cloudtrail-s3-bucket-access-logging-enabled-with-constant-value.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-bucket-access-logging-enabled/success-cloudtrail-s3-bucket-access-logging-enabled-with-constant-value.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-bucket-access-logging-enabled/success-cloudtrail-s3-bucket-access-logging-enabled-with-mixed-references.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-bucket-access-logging-enabled/success-cloudtrail-s3-bucket-access-logging-enabled-with-mixed-references.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-bucket-access-logging-enabled/success-cloudtrail-s3-bucket-access-logging-enabled-with-references.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-bucket-access-logging-enabled/success-cloudtrail-s3-bucket-access-logging-enabled-with-references.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-cloudwatch-logs-group-arn-present/failure-cloudwatch-log-group-arn-attribute-missing.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-cloudwatch-logs-group-arn-present/failure-cloudwatch-log-group-arn-attribute-missing.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-cloudwatch-logs-group-arn-present/failure-cloudwatch-log-group-arn-present-but-blank.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-cloudwatch-logs-group-arn-present/failure-cloudwatch-log-group-arn-present-but-blank.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-cloudwatch-logs-group-arn-present/mocks/policy-failure-cloudwatch-logs-group-arn-attribute-missing/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-cloudwatch-logs-group-arn-present/mocks/policy-failure-cloudwatch-logs-group-arn-attribute-missing/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-cloudwatch-logs-group-arn-present/mocks/policy-failure-cloudwatch-logs-group-arn-present-but-blank/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-cloudwatch-logs-group-arn-present/mocks/policy-failure-cloudwatch-logs-group-arn-present-but-blank/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-cloudwatch-logs-group-arn-present/mocks/policy-success-cloud-watch-log-group-arn/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-cloudwatch-logs-group-arn-present/mocks/policy-success-cloud-watch-log-group-arn/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-cloudwatch-logs-group-arn-present/success-cloud-watch-log-group-arn.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-cloudwatch-logs-group-arn-present/success-cloud-watch-log-group-arn.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-log-file-validation-enabled/failure-enable-log-file-validation-not-defined.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-log-file-validation-enabled/failure-enable-log-file-validation-not-defined.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-log-file-validation-enabled/failure-enable-log-file-validation-set-to-false.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-log-file-validation-enabled/failure-enable-log-file-validation-set-to-false.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-log-file-validation-enabled/mocks/policy-failure-enable-log-file-validation-not-defined/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-log-file-validation-enabled/mocks/policy-failure-enable-log-file-validation-not-defined/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-log-file-validation-enabled/mocks/policy-failure-enable-log-file-validation-set-to-false/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-log-file-validation-enabled/mocks/policy-failure-enable-log-file-validation-set-to-false/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-log-file-validation-enabled/mocks/policy-success-enable-log-file-validation/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-log-file-validation-enabled/mocks/policy-success-enable-log-file-validation/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-log-file-validation-enabled/success-enable-log-file-validation.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-log-file-validation-enabled/success-enable-log-file-validation.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-has-public-s3-bucket-with-acl-resource.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-has-public-s3-bucket-with-acl-resource.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-has-public-s3-bucket-with-inline-acl.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-has-public-s3-bucket-with-inline-acl.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-has-no-public-access-block-in-nested-modules.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-has-no-public-access-block-in-nested-modules.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-has-no-public-access-block.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-has-no-public-access-block.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-has-public-access-block-block-public-acls-false.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-has-public-access-block-block-public-acls-false.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-has-public-access-block-block_public_policy-false.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-has-public-access-block-block_public_policy-false.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-has-public-access-block-ignore-public-acl-false.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-has-public-access-block-ignore-public-acl-false.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-has-public-access-block-restrict-public-buckets-false.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-has-public-access-block-restrict-public-buckets-false.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-public-access-block-has-missing-fields.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/failure-cloudtrail-s3-bucket-public-access-block-has-missing-fields.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-failure-cloudtrail-has-public-s3-bucket-with-acl-resource/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-failure-cloudtrail-has-public-s3-bucket-with-acl-resource/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-failure-cloudtrail-has-public-s3-bucket-with-inline-acl/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-failure-cloudtrail-has-public-s3-bucket-with-inline-acl/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-failure-cloudtrail-s3-bucket-has-no-public-access-block/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-failure-cloudtrail-s3-bucket-has-no-public-access-block/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-success-cloudtrail-has-private-s3-bucket-with-acl-resource/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-success-cloudtrail-has-private-s3-bucket-with-acl-resource/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-success-cloudtrail-has-private-s3-bucket-with-constant-value/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-success-cloudtrail-has-private-s3-bucket-with-constant-value/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-success-cloudtrail-has-private-s3-bucket-with-inline-acl/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-success-cloudtrail-has-private-s3-bucket-with-inline-acl/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-success-cloudtrail-has-private-s3-bucket-with-mixed-references/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-success-cloudtrail-has-private-s3-bucket-with-mixed-references/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-success-cloudtrail-has-private-s3-bucket-with-references/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/mocks/policy-success-cloudtrail-has-private-s3-bucket-with-references/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/success-cloudtrail-has-private-s3-bucket-with-acl-resource.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/success-cloudtrail-has-private-s3-bucket-with-acl-resource.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/success-cloudtrail-has-private-s3-bucket-with-constant-value.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/success-cloudtrail-has-private-s3-bucket-with-constant-value.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/success-cloudtrail-has-private-s3-bucket-with-inline-acl.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/success-cloudtrail-has-private-s3-bucket-with-inline-acl.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/success-cloudtrail-has-private-s3-bucket-with-mixed-references.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/success-cloudtrail-has-private-s3-bucket-with-mixed-references.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/success-cloudtrail-has-private-s3-bucket-with-references.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-logs-bucket-not-public/success-cloudtrail-has-private-s3-bucket-with-references.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-server-side-encryption-enabled/failure-kms-key-id-attribute-missing.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-server-side-encryption-enabled/failure-kms-key-id-attribute-missing.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-server-side-encryption-enabled/failure-kms-key-id-present-but-blank.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-server-side-encryption-enabled/failure-kms-key-id-present-but-blank.hcl -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-server-side-encryption-enabled/mocks/policy-failure-kms-key-id-attribute-missing/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-server-side-encryption-enabled/mocks/policy-failure-kms-key-id-attribute-missing/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-server-side-encryption-enabled/mocks/policy-failure-kms-key-id-present-but-blank/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-server-side-encryption-enabled/mocks/policy-failure-kms-key-id-present-but-blank/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-server-side-encryption-enabled/mocks/policy-success-kms-key-id-present/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-server-side-encryption-enabled/mocks/policy-success-kms-key-id-present/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/cloudtrail/test/cloudtrail-server-side-encryption-enabled/success-kms-key-id-present.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/cloudtrail/test/cloudtrail-server-side-encryption-enabled/success-kms-key-id-present.hcl -------------------------------------------------------------------------------- /policies/ec2/ec2-ebs-encryption-enabled.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/ec2-ebs-encryption-enabled.sentinel -------------------------------------------------------------------------------- /policies/ec2/ec2-metadata-imdsv2-required.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/ec2-metadata-imdsv2-required.sentinel -------------------------------------------------------------------------------- /policies/ec2/ec2-network-acl.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/ec2-network-acl.sentinel -------------------------------------------------------------------------------- /policies/ec2/ec2-security-group-ingress-traffic-restriction-port.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/ec2-security-group-ingress-traffic-restriction-port.sentinel -------------------------------------------------------------------------------- /policies/ec2/ec2-security-group-ingress-traffic-restriction-protocol.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/ec2-security-group-ingress-traffic-restriction-protocol.sentinel -------------------------------------------------------------------------------- /policies/ec2/ec2-vpc-default-security-group-no-traffic.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/ec2-vpc-default-security-group-no-traffic.sentinel -------------------------------------------------------------------------------- /policies/ec2/ec2-vpc-flow-logging-enabled.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/ec2-vpc-flow-logging-enabled.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-ebs-encryption-enabled/failure-encrypted-attribute-not-present.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-ebs-encryption-enabled/failure-encrypted-attribute-not-present.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-ebs-encryption-enabled/failure-encrypted-attribute-present-but-set-to-false.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-ebs-encryption-enabled/failure-encrypted-attribute-present-but-set-to-false.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-ebs-encryption-enabled/mocks/policy-failure-encrypted-attribute-not-present/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-ebs-encryption-enabled/mocks/policy-failure-encrypted-attribute-not-present/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-ebs-encryption-enabled/mocks/policy-failure-encrypted-attribute-present-but-set-to-false/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-ebs-encryption-enabled/mocks/policy-failure-encrypted-attribute-present-but-set-to-false/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-ebs-encryption-enabled/mocks/policy-success-encrypted-attribute-set-to-true/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-ebs-encryption-enabled/mocks/policy-success-encrypted-attribute-set-to-true/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-ebs-encryption-enabled/success-encrypted-set-to-true.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-ebs-encryption-enabled/success-encrypted-set-to-true.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-metadata-imdsv2-required/mocks/policy-failure-account-level-metadata/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-metadata-imdsv2-required/mocks/policy-failure-account-level-metadata/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-metadata-imdsv2-required/mocks/policy-failure-instance-level-metadata/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-metadata-imdsv2-required/mocks/policy-failure-instance-level-metadata/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-metadata-imdsv2-required/mocks/policy-failure-no-metadata/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-metadata-imdsv2-required/mocks/policy-failure-no-metadata/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-metadata-imdsv2-required/mocks/policy-success-account-level-metadata/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-metadata-imdsv2-required/mocks/policy-success-account-level-metadata/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-metadata-imdsv2-required/mocks/policy-success-instance-level-metadata/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-metadata-imdsv2-required/mocks/policy-success-instance-level-metadata/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-metadata-imdsv2-required/policy-failure-account-level-metadata.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-metadata-imdsv2-required/policy-failure-account-level-metadata.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-metadata-imdsv2-required/policy-failure-instance-level-metadata.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-metadata-imdsv2-required/policy-failure-instance-level-metadata.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-metadata-imdsv2-required/policy-failure-no-metadata.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-metadata-imdsv2-required/policy-failure-no-metadata.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-metadata-imdsv2-required/policy-success-account-level-metadata.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-metadata-imdsv2-required/policy-success-account-level-metadata.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-metadata-imdsv2-required/policy-success-instance-level-metadata.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-metadata-imdsv2-required/policy-success-instance-level-metadata.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/failure-network-acl-port.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/failure-network-acl-port.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/failure-network-acl-protocol.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/failure-network-acl-protocol.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/failure-network-acl-rule-port.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/failure-network-acl-rule-port.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/failure-network-acl-rule-protocol.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/failure-network-acl-rule-protocol.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/failure-network-acl-rule-source-ipv4.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/failure-network-acl-rule-source-ipv4.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/failure-network-acl-rule-source-ipv6.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/failure-network-acl-rule-source-ipv6.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/failure-network-acl-source-ipv4.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/failure-network-acl-source-ipv4.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/failure-network-acl-source-ipv6.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/failure-network-acl-source-ipv6.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/failure-no-input-params.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/failure-no-input-params.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-protocol/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-protocol/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-rule-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-rule-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-rule-protocol/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-rule-protocol/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-rule-source-ipv4/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-rule-source-ipv4/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-rule-source-ipv6/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-rule-source-ipv6/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-source-ipv4/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-source-ipv4/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-source-ipv6/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/failure-network-acl-source-ipv6/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/success-network-acl-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/success-network-acl-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/success-network-acl-rule-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/success-network-acl-rule-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/success-network-acl-rule-source-ipv4/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/success-network-acl-rule-source-ipv4/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/success-network-acl-rule-source-ipv6/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/success-network-acl-rule-source-ipv6/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/success-network-acl-source-ipv4/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/success-network-acl-source-ipv4/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/mocks/success-network-acl-source-ipv6/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/mocks/success-network-acl-source-ipv6/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/success-network-acl-port.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/success-network-acl-port.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/success-network-acl-rule-port.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/success-network-acl-rule-port.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/success-network-acl-rule-source-ipv4.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/success-network-acl-rule-source-ipv4.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/success-network-acl-rule-source-ipv6.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/success-network-acl-rule-source-ipv6.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/success-network-acl-source-ipv4.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/success-network-acl-source-ipv4.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-network-acl/success-network-acl-source-ipv6.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-network-acl/success-network-acl-source-ipv6.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-ingress-port-22.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-ingress-port-22.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-ingress-port-3389.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-ingress-port-3389.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-ingress-protocol.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-ingress-protocol.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-ingress-source-ipv4.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-ingress-source-ipv4.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-ingress-source-ipv6.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-ingress-source-ipv6.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-port-22.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-port-22.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-port-3389.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-port-3389.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-protocol.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-protocol.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-rule-port-22.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-rule-port-22.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-rule-port-3389.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-rule-port-3389.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-rule-protocol.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-rule-protocol.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-rule-source-ipv4.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-rule-source-ipv4.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-rule-source-ipv6.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-rule-source-ipv6.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-source-ipv4.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-source-ipv4.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-source-ipv6.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/failure-sg-source-ipv6.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-ingress-ipv4-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-ingress-ipv4-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-ingress-ipv6-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-ingress-ipv6-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-ingress-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-ingress-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-ingress-protocol/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-ingress-protocol/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-ipv4-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-ipv4-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-ipv6-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-ipv6-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-protocol/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-protocol/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-rule-ipv4-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-rule-ipv4-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-rule-ipv6-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-rule-ipv6-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-rule-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-rule-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-rule-protocol/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-failure-sg-rule-protocol/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-success-sg-ingress-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-success-sg-ingress-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-success-sg-ingress-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-success-sg-ingress-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-success-sg-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-success-sg-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-success-sg-rule-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-success-sg-rule-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-success-sg-rule-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-success-sg-rule-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-success-sg-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/mocks/policy-success-sg-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-ingress-port-22.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-ingress-port-22.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-ingress-port-3389.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-ingress-port-3389.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-ingress-source.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-ingress-source.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-port-22.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-port-22.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-port-3389.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-port-3389.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-rule-port-22.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-rule-port-22.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-rule-port-3389.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-rule-port-3389.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-rule-source.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-rule-source.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-source.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-port/success-sg-source.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-ingress-port-22.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-ingress-port-22.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-ingress-port-3389.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-ingress-port-3389.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-ingress-protocol.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-ingress-protocol.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-ingress-source-ipv4.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-ingress-source-ipv4.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-ingress-source-ipv6.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-ingress-source-ipv6.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-port-22.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-port-22.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-port-3389.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-port-3389.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-protocol.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-protocol.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-rule-port-22.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-rule-port-22.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-rule-port-3389.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-rule-port-3389.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-rule-protocol.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-rule-protocol.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-rule-source-ipv4.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-rule-source-ipv4.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-rule-source-ipv6.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-rule-source-ipv6.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-source-ipv4.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-source-ipv4.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-source-ipv6.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/failure-sg-source-ipv6.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-ingress-ipv4-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-ingress-ipv4-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-ingress-ipv6-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-ingress-ipv6-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-ingress-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-ingress-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-ingress-protocol/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-ingress-protocol/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-ipv4-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-ipv4-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-ipv6-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-ipv6-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-protocol/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-protocol/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-rule-ipv4-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-rule-ipv4-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-rule-ipv6-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-rule-ipv6-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-rule-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-rule-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-rule-protocol/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-failure-sg-rule-protocol/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-default-params/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-default-params/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-ingress-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-ingress-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-ingress-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-ingress-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-rule-port/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-rule-port/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-rule-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-rule-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-source/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/mocks/policy-success-sg-source/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-default-params.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-default-params.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-ingress-port-22.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-ingress-port-22.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-ingress-port-3389.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-ingress-port-3389.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-ingress-source.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-ingress-source.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-port-22.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-port-22.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-port-3389.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-port-3389.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-rule-port-22.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-rule-port-22.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-rule-port-3389.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-rule-port-3389.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-rule-source.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-rule-source.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-source.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-security-group-ingress-traffic-restriction-protocol/success-sg-source.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-default-security-group-with-egress.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-default-security-group-with-egress.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-default-security-group-with-ingress.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-default-security-group-with-ingress.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-egress-rule-references-default-security-group.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-egress-rule-references-default-security-group.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-egress-rule-references-default-vpc-default-sg.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-egress-rule-references-default-vpc-default-sg.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-egress-rule-references-vpc-default-sg.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-egress-rule-references-vpc-default-sg.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-ingress-rule-references-default-security-group.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-ingress-rule-references-default-security-group.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-ingress-rule-references-default-vpc-default-sg.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-ingress-rule-references-default-vpc-default-sg.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-ingress-rule-references-vpc-default-sg.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-ingress-rule-references-vpc-default-sg.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-rule-references-default-security-group.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-rule-references-default-security-group.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-rule-references-default-vpc-default-sg.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/failure-security-group-rule-references-default-vpc-default-sg.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-default-security-group-with-egress/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-default-security-group-with-egress/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-default-security-group-with-ingress/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-default-security-group-with-ingress/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-security-group-egress-rule-references-vpc-default-sg/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-security-group-egress-rule-references-vpc-default-sg/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-security-group-ingress-rule-references-vpc-default-sg/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-security-group-ingress-rule-references-vpc-default-sg/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-security-group-rule-references-default-security-group/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-security-group-rule-references-default-security-group/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-security-group-rule-references-default-vpc-default-sg/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-security-group-rule-references-default-vpc-default-sg/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-security-group-rule-references-vpc-default-sg/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-failure-security-group-rule-references-vpc-default-sg/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-success-default-security-group-no-traffic/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/mocks/policy-success-default-security-group-no-traffic/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-default-security-group-no-traffic/success-default-security-group-no-traffic.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-default-security-group-no-traffic/success-default-security-group-no-traffic.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-flow-logging-enabled/failure-default-vpc-resources-flow-logging-enabled-but-different-traffic-type.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-flow-logging-enabled/failure-default-vpc-resources-flow-logging-enabled-but-different-traffic-type.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-flow-logging-enabled/failure-default-vpc-resources-flow-logging-not-enabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-flow-logging-enabled/failure-default-vpc-resources-flow-logging-not-enabled.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-flow-logging-enabled/failure-flow-logging-is-referenced.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-flow-logging-enabled/failure-flow-logging-is-referenced.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-flow-logging-enabled/failure-vpc-resources-flow-logging-not-enabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-flow-logging-enabled/failure-vpc-resources-flow-logging-not-enabled.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-flow-logging-enabled/mocks/policy-failure-default-vpc-resources-flow-logging-not-enabled/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-flow-logging-enabled/mocks/policy-failure-default-vpc-resources-flow-logging-not-enabled/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-flow-logging-enabled/mocks/policy-failure-flow-logging-is-referenced/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-flow-logging-enabled/mocks/policy-failure-flow-logging-is-referenced/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-flow-logging-enabled/mocks/policy-failure-vpc-resources-flow-logging-not-enabled/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-flow-logging-enabled/mocks/policy-failure-vpc-resources-flow-logging-not-enabled/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-flow-logging-enabled/mocks/policy-success-all-vpc-resources-flow-logging-enabled-with-traffic-type-all/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-flow-logging-enabled/mocks/policy-success-all-vpc-resources-flow-logging-enabled-with-traffic-type-all/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-flow-logging-enabled/mocks/policy-success-all-vpc-resources-flow-logging-enabled-with-traffic-type-reject/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-flow-logging-enabled/mocks/policy-success-all-vpc-resources-flow-logging-enabled-with-traffic-type-reject/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-flow-logging-enabled/mocks/policy-success-all-vpc-resources-in-nested-module/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-flow-logging-enabled/mocks/policy-success-all-vpc-resources-in-nested-module/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-flow-logging-enabled/success-all-vpc-resources-flow-logging-enabled-with-traffic-type-all.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-flow-logging-enabled/success-all-vpc-resources-flow-logging-enabled-with-traffic-type-all.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-flow-logging-enabled/success-all-vpc-resources-flow-logging-enabled-with-traffic-type-reject.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-flow-logging-enabled/success-all-vpc-resources-flow-logging-enabled-with-traffic-type-reject.hcl -------------------------------------------------------------------------------- /policies/ec2/test/ec2-vpc-flow-logging-enabled/success-all-vpc-resources-in-nested-module.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/ec2/test/ec2-vpc-flow-logging-enabled/success-all-vpc-resources-in-nested-module.hcl -------------------------------------------------------------------------------- /policies/efs/efs-encryption-at-rest-enabled.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/efs/efs-encryption-at-rest-enabled.sentinel -------------------------------------------------------------------------------- /policies/efs/test/efs-encryption-at-rest-enabled/failure-encryption-disabled-with-valid-kms-key.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/efs/test/efs-encryption-at-rest-enabled/failure-encryption-disabled-with-valid-kms-key.hcl -------------------------------------------------------------------------------- /policies/efs/test/efs-encryption-at-rest-enabled/failure-encryption-disabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/efs/test/efs-encryption-at-rest-enabled/failure-encryption-disabled.hcl -------------------------------------------------------------------------------- /policies/efs/test/efs-encryption-at-rest-enabled/failure-encryption-enabled-kms-key-empty.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/efs/test/efs-encryption-at-rest-enabled/failure-encryption-enabled-kms-key-empty.hcl -------------------------------------------------------------------------------- /policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-failure-encryption-disabled-with-valid-kms-key/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-failure-encryption-disabled-with-valid-kms-key/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-failure-encryption-disabled-with-valid-kms-key/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-failure-encryption-disabled-with-valid-kms-key/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-failure-encryption-disabled/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-failure-encryption-disabled/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-failure-encryption-disabled/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-failure-encryption-disabled/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-failure-encryption-enabled-kms-key-empty/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-failure-encryption-enabled-kms-key-empty/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-failure-encryption-enabled-kms-key-empty/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-failure-encryption-enabled-kms-key-empty/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-success-encryption-enabled-with-valid-kms-key/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-success-encryption-enabled-with-valid-kms-key/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-success-encryption-enabled-with-valid-kms-key/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/efs/test/efs-encryption-at-rest-enabled/mocks/policy-success-encryption-enabled-with-valid-kms-key/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/efs/test/efs-encryption-at-rest-enabled/success-encryption-enabled-with-valid-kms-key.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/efs/test/efs-encryption-at-rest-enabled/success-encryption-enabled-with-valid-kms-key.hcl -------------------------------------------------------------------------------- /policies/iam/iam-no-admin-privileges-allowed-by-policies.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/iam-no-admin-privileges-allowed-by-policies.sentinel -------------------------------------------------------------------------------- /policies/iam/iam-no-policies-attached-to-users.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/iam-no-policies-attached-to-users.sentinel -------------------------------------------------------------------------------- /policies/iam/iam-password-expiry.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/iam-password-expiry.sentinel -------------------------------------------------------------------------------- /policies/iam/iam-password-length.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/iam-password-length.sentinel -------------------------------------------------------------------------------- /policies/iam/iam-password-lowercase.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/iam-password-lowercase.sentinel -------------------------------------------------------------------------------- /policies/iam/iam-password-numbers.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/iam-password-numbers.sentinel -------------------------------------------------------------------------------- /policies/iam/iam-password-reuse.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/iam-password-reuse.sentinel -------------------------------------------------------------------------------- /policies/iam/iam-password-symbols.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/iam-password-symbols.sentinel -------------------------------------------------------------------------------- /policies/iam/iam-password-uppercase.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/iam-password-uppercase.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/failure-iam-policy-resource-with-inline-policy.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/failure-iam-policy-resource-with-inline-policy.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/failure-multiple-policies-allows-admin-privileges.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/failure-multiple-policies-allows-admin-privileges.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/failure-one-policy-allows-admin-privileges.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/failure-one-policy-allows-admin-privileges.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/failure-policy-denying-admin-privileges-but-given-inline.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/failure-policy-denying-admin-privileges-but-given-inline.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/failure-policy-with-multiple-statements-allow-admin-privileges.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/failure-policy-with-multiple-statements-allow-admin-privileges.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-iam-policy-resource-with-inline-policy/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-iam-policy-resource-with-inline-policy/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-iam-policy-resource-with-inline-policy/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-iam-policy-resource-with-inline-policy/mock-tfstate-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-multiple-policies-allows-admin-privileges/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-multiple-policies-allows-admin-privileges/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-multiple-policies-allows-admin-privileges/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-multiple-policies-allows-admin-privileges/mock-tfstate-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-one-policy-allows-admin-privilege/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-one-policy-allows-admin-privilege/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-one-policy-allows-admin-privilege/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-one-policy-allows-admin-privilege/mock-tfstate-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-policy-denying-admin-privileges-but-given-inline/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-policy-denying-admin-privileges-but-given-inline/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-failure-policy-denying-admin-privileges-but-given-inline/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: BUSL-1.1 3 | 4 | resources = {} 5 | -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-no-policies-allow-admin-privileges/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-no-policies-allow-admin-privileges/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-no-policies-allow-admin-privileges/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-no-policies-allow-admin-privileges/mock-tfstate-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-one-policy-denying-admin-privilege/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-one-policy-denying-admin-privilege/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-one-policy-denying-admin-privilege/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-one-policy-denying-admin-privilege/mock-tfstate-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-only-data-source-is-present-with-valid-policy-name/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-only-data-source-is-present-with-valid-policy-name/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-only-data-source-is-present-with-valid-policy-name/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-only-data-source-is-present-with-valid-policy-name/mock-tfstate-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-policy-with-no-statements/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-policy-with-no-statements/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-policy-with-no-statements/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/mocks/policy-success-policy-with-no-statements/mock-tfstate-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/success-no-policies-allow-admin-privileges.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/success-no-policies-allow-admin-privileges.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/success-one-policy-denying-admin-privilege.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/success-one-policy-denying-admin-privilege.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/success-only-data-source-is-present-with-valid-policy-name.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/success-only-data-source-is-present-with-valid-policy-name.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-no-admin-privileges-allowed-by-policies/success-policy-with-no-statements.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-admin-privileges-allowed-by-policies/success-policy-with-no-statements.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-no-policies-attached-to-users/failure-iam-user-policy-attachment-resource.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-policies-attached-to-users/failure-iam-user-policy-attachment-resource.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-no-policies-attached-to-users/failure-iam-user-policy-resource.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-policies-attached-to-users/failure-iam-user-policy-resource.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-no-policies-attached-to-users/mocks/policy-failure-iam-user-policy-attachment-resource/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-policies-attached-to-users/mocks/policy-failure-iam-user-policy-attachment-resource/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-policies-attached-to-users/mocks/policy-failure-iam-user-policy-resource/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-policies-attached-to-users/mocks/policy-failure-iam-user-policy-resource/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-policies-attached-to-users/mocks/policy-success-iam-roles-attached-to-policy/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-policies-attached-to-users/mocks/policy-success-iam-roles-attached-to-policy/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-policies-attached-to-users/mocks/policy-success-iam-user-attached-to-policy-via-group/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-policies-attached-to-users/mocks/policy-success-iam-user-attached-to-policy-via-group/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-policies-attached-to-users/mocks/policy-success-no-policies-attached-to-users/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-policies-attached-to-users/mocks/policy-success-no-policies-attached-to-users/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-no-policies-attached-to-users/success-iam-roles-attached-to-policy.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-policies-attached-to-users/success-iam-roles-attached-to-policy.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-no-policies-attached-to-users/success-iam-user-attached-to-policy-via-group.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-policies-attached-to-users/success-iam-user-attached-to-policy-via-group.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-no-policies-attached-to-users/success-no-policies-attached-to-users.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-no-policies-attached-to-users/success-no-policies-attached-to-users.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-expiry/failure-password-expiry.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-expiry/failure-password-expiry.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-expiry/failure-password-max-age-attribute-not-present.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-expiry/failure-password-max-age-attribute-not-present.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-expiry/mocks/policy-failure-password-expired/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-expiry/mocks/policy-failure-password-expired/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-expiry/mocks/policy-failure-password-max-age-attribute-not-present/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-expiry/mocks/policy-failure-password-max-age-attribute-not-present/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-expiry/mocks/policy-success/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-expiry/mocks/policy-success/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-expiry/success-password-expiry.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-expiry/success-password-expiry.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-length/failure-password-length.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-length/failure-password-length.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-length/failure-password-minimum-password-length-attribute-not-present.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-length/failure-password-minimum-password-length-attribute-not-present.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-length/mocks/policy-failure-password-min-length/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-length/mocks/policy-failure-password-min-length/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-length/mocks/policy-failure-password-minimum-password-length-attribute-not-present/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-length/mocks/policy-failure-password-minimum-password-length-attribute-not-present/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-length/mocks/policy-success/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-length/mocks/policy-success/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-length/success-password-length.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-length/success-password-length.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-lowercase/failure-password-lowercase-attribute-not-present.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-lowercase/failure-password-lowercase-attribute-not-present.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-lowercase/faliure-password-lowercase.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-lowercase/faliure-password-lowercase.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-lowercase/mocks/policy-failure-password-lowercase-attribute-not-present/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-lowercase/mocks/policy-failure-password-lowercase-attribute-not-present/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-lowercase/mocks/policy-failure-password-lowercase-disabled/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-lowercase/mocks/policy-failure-password-lowercase-disabled/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-lowercase/mocks/policy-success/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-lowercase/mocks/policy-success/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-lowercase/success-password-lowercase.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-lowercase/success-password-lowercase.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-numbers/failure-password-numbers.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-numbers/failure-password-numbers.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-numbers/failure-password-require-numbers-attribute-not-present.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-numbers/failure-password-require-numbers-attribute-not-present.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-numbers/mocks/policy-failure-password-numbers-disabled/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-numbers/mocks/policy-failure-password-numbers-disabled/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-numbers/mocks/policy-failure-password-require-numbers-attribute-not-present/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-numbers/mocks/policy-failure-password-require-numbers-attribute-not-present/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-numbers/mocks/policy-success/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-numbers/mocks/policy-success/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-numbers/success-password-numbers.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-numbers/success-password-numbers.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-reuse/failure-password-reuse-attribute-not-present.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-reuse/failure-password-reuse-attribute-not-present.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-reuse/failure-password-reuse.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-reuse/failure-password-reuse.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-reuse/mocks/policy-failure-password-reuse-attribute-not-present/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-reuse/mocks/policy-failure-password-reuse-attribute-not-present/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-reuse/mocks/policy-failure-password-reuse-invalid/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-reuse/mocks/policy-failure-password-reuse-invalid/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-reuse/mocks/policy-success/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-reuse/mocks/policy-success/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-reuse/success-password-reuse.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-reuse/success-password-reuse.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-symbols/failure-password-require-symbol-attribute-not-present.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-symbols/failure-password-require-symbol-attribute-not-present.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-symbols/failure-password-symbols.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-symbols/failure-password-symbols.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-symbols/mocks/policy-failure-password-require-symbol-attribute-not-present/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-symbols/mocks/policy-failure-password-require-symbol-attribute-not-present/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-symbols/mocks/policy-failure-password-symbols-disabled/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-symbols/mocks/policy-failure-password-symbols-disabled/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-symbols/mocks/policy-success/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-symbols/mocks/policy-success/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-symbols/success-password-symbols.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-symbols/success-password-symbols.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-uppercase/failure-password-uppercase-attribute-not-present.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-uppercase/failure-password-uppercase-attribute-not-present.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-uppercase/failure-password-uppercase.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-uppercase/failure-password-uppercase.hcl -------------------------------------------------------------------------------- /policies/iam/test/iam-password-uppercase/mocks/policy-failure-password-uppercase-attribute-not-present/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-uppercase/mocks/policy-failure-password-uppercase-attribute-not-present/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-uppercase/mocks/policy-failure-password-uppercase-disabled/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-uppercase/mocks/policy-failure-password-uppercase-disabled/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-uppercase/mocks/policy-success/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-uppercase/mocks/policy-success/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/iam/test/iam-password-uppercase/success-password-uppercase.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/iam/test/iam-password-uppercase/success-password-uppercase.hcl -------------------------------------------------------------------------------- /policies/kms/kms-key-rotation-enabled.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/kms/kms-key-rotation-enabled.sentinel -------------------------------------------------------------------------------- /policies/kms/test/kms-key-rotation-enabled/failure-key-rotation-disabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/kms/test/kms-key-rotation-enabled/failure-key-rotation-disabled.hcl -------------------------------------------------------------------------------- /policies/kms/test/kms-key-rotation-enabled/failure-undefined-key-rotation-attribute.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/kms/test/kms-key-rotation-enabled/failure-undefined-key-rotation-attribute.hcl -------------------------------------------------------------------------------- /policies/kms/test/kms-key-rotation-enabled/mocks/policy-failure-key-rotation-disabled/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/kms/test/kms-key-rotation-enabled/mocks/policy-failure-key-rotation-disabled/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/kms/test/kms-key-rotation-enabled/mocks/policy-failure-undefined-key-rotation-attribute/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/kms/test/kms-key-rotation-enabled/mocks/policy-failure-undefined-key-rotation-attribute/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/kms/test/kms-key-rotation-enabled/mocks/policy-success-kms-key-disabled/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/kms/test/kms-key-rotation-enabled/mocks/policy-success-kms-key-disabled/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/kms/test/kms-key-rotation-enabled/mocks/policy-success/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/kms/test/kms-key-rotation-enabled/mocks/policy-success/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/kms/test/kms-key-rotation-enabled/success-key-rotation-enabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/kms/test/kms-key-rotation-enabled/success-key-rotation-enabled.hcl -------------------------------------------------------------------------------- /policies/kms/test/kms-key-rotation-enabled/success-kms-key-disabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/kms/test/kms-key-rotation-enabled/success-kms-key-disabled.hcl -------------------------------------------------------------------------------- /policies/rds/rds-encryption-at-rest-enabled.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/rds-encryption-at-rest-enabled.sentinel -------------------------------------------------------------------------------- /policies/rds/rds-minor-version-upgrade-enabled.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/rds-minor-version-upgrade-enabled.sentinel -------------------------------------------------------------------------------- /policies/rds/rds-public-access-disabled.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/rds-public-access-disabled.sentinel -------------------------------------------------------------------------------- /policies/rds/test/rds-encryption-at-rest-enabled/failure-storage-encrypted-attribute-not-present.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-encryption-at-rest-enabled/failure-storage-encrypted-attribute-not-present.hcl -------------------------------------------------------------------------------- /policies/rds/test/rds-encryption-at-rest-enabled/failure-storage-encrypted-attribute-set-to-false.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-encryption-at-rest-enabled/failure-storage-encrypted-attribute-set-to-false.hcl -------------------------------------------------------------------------------- /policies/rds/test/rds-encryption-at-rest-enabled/mocks/policy-failure-storage-encrypted-attribute-not-present/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-encryption-at-rest-enabled/mocks/policy-failure-storage-encrypted-attribute-not-present/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/rds/test/rds-encryption-at-rest-enabled/mocks/policy-failure-storage-encrypted-attribute-set-to-false/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-encryption-at-rest-enabled/mocks/policy-failure-storage-encrypted-attribute-set-to-false/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/rds/test/rds-encryption-at-rest-enabled/mocks/policy-success-storage-encrypted-true/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-encryption-at-rest-enabled/mocks/policy-success-storage-encrypted-true/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/rds/test/rds-encryption-at-rest-enabled/success-storage-encrypted-true.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-encryption-at-rest-enabled/success-storage-encrypted-true.hcl -------------------------------------------------------------------------------- /policies/rds/test/rds-minor-version-upgrade-enabled/failure.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-minor-version-upgrade-enabled/failure.hcl -------------------------------------------------------------------------------- /policies/rds/test/rds-minor-version-upgrade-enabled/mocks/policy-failure/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-minor-version-upgrade-enabled/mocks/policy-failure/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/rds/test/rds-minor-version-upgrade-enabled/mocks/policy-success/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-minor-version-upgrade-enabled/mocks/policy-success/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/rds/test/rds-minor-version-upgrade-enabled/success.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-minor-version-upgrade-enabled/success.hcl -------------------------------------------------------------------------------- /policies/rds/test/rds-public-access-disabled/failure.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-public-access-disabled/failure.hcl -------------------------------------------------------------------------------- /policies/rds/test/rds-public-access-disabled/mocks/policy-failure/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-public-access-disabled/mocks/policy-failure/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/rds/test/rds-public-access-disabled/mocks/policy-success/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-public-access-disabled/mocks/policy-success/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/rds/test/rds-public-access-disabled/success.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/rds/test/rds-public-access-disabled/success.hcl -------------------------------------------------------------------------------- /policies/s3/s3-block-public-access-account-level.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/s3-block-public-access-account-level.sentinel -------------------------------------------------------------------------------- /policies/s3/s3-block-public-access-bucket-level.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/s3-block-public-access-bucket-level.sentinel -------------------------------------------------------------------------------- /policies/s3/s3-enable-object-logging-for-events.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/s3-enable-object-logging-for-events.sentinel -------------------------------------------------------------------------------- /policies/s3/s3-require-mfa-delete.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/s3-require-mfa-delete.sentinel -------------------------------------------------------------------------------- /policies/s3/s3-require-ssl.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/s3-require-ssl.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-account-level/failure-invalid-block-public-acls-setting.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-account-level/failure-invalid-block-public-acls-setting.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-account-level/failure-invalid-block-public-policy-setting.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-account-level/failure-invalid-block-public-policy-setting.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-account-level/failure-invalid-ignore-public-acls-setting.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-account-level/failure-invalid-ignore-public-acls-setting.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-account-level/failure-invalid-restrict-public-buckets-setting.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-account-level/failure-invalid-restrict-public-buckets-setting.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-account-level/mocks/policy-failure-invalid-block-public-acls-setting/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-account-level/mocks/policy-failure-invalid-block-public-acls-setting/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-account-level/mocks/policy-failure-invalid-block-public-policy-setting/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-account-level/mocks/policy-failure-invalid-block-public-policy-setting/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-account-level/mocks/policy-failure-invalid-ignore-public-acls-setting/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-account-level/mocks/policy-failure-invalid-ignore-public-acls-setting/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-account-level/mocks/policy-failure-invalid-restrict-public-buckets-setting/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-account-level/mocks/policy-failure-invalid-restrict-public-buckets-setting/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-account-level/mocks/policy-success-account-level-s3-block-public-access-settings/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-account-level/mocks/policy-success-account-level-s3-block-public-access-settings/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-account-level/success-account-level-s3-block-public-access-settings.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-account-level/success-account-level-s3-block-public-access-settings.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/failure-block-public-access-settings-undefined.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/failure-block-public-access-settings-undefined.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/failure-invalid-block-public-acls-setting.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/failure-invalid-block-public-acls-setting.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/failure-invalid-block-public-policy-setting.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/failure-invalid-block-public-policy-setting.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/failure-invalid-ignore-public-acls-setting.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/failure-invalid-ignore-public-acls-setting.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/failure-invalid-restrict-public-buckets-setting.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/failure-invalid-restrict-public-buckets-setting.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/failure-no-public-access-block-for-bucket.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/failure-no-public-access-block-for-bucket.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/failure-s3-bucket-with-acl-defined-inline-and-public.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/failure-s3-bucket-with-acl-defined-inline-and-public.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/failure-s3-bucket-with-acl-resource-defined-and-public.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/failure-s3-bucket-with-acl-resource-defined-and-public.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-block-public-access-settings-undefined/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-block-public-access-settings-undefined/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-block-public-access-settings-undefined/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: BUSL-1.1 3 | 4 | variables = {} 5 | -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-invalid-block-public-acls-setting/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-invalid-block-public-acls-setting/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-invalid-block-public-acls-setting/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: BUSL-1.1 3 | 4 | variables = {} 5 | -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-invalid-block-public-policy-setting/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-invalid-block-public-policy-setting/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-invalid-block-public-policy-setting/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: BUSL-1.1 3 | 4 | variables = {} 5 | -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-invalid-ignore-public-acls-setting/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-invalid-ignore-public-acls-setting/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-invalid-ignore-public-acls-setting/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: BUSL-1.1 3 | 4 | variables = {} 5 | -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-invalid-restrict-public-buckets-setting/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-invalid-restrict-public-buckets-setting/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-invalid-restrict-public-buckets-setting/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: BUSL-1.1 3 | 4 | variables = {} 5 | -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-no-public-access-block-for-bucket/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-no-public-access-block-for-bucket/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-no-public-access-block-for-bucket/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: BUSL-1.1 3 | 4 | variables = {} 5 | -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-s3-bucket-with-acl-defined-inline-and-public/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-s3-bucket-with-acl-defined-inline-and-public/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-s3-bucket-with-acl-defined-inline-and-public/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-s3-bucket-with-acl-defined-inline-and-public/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-s3-bucket-with-acl-resource-defined-and-public/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-s3-bucket-with-acl-resource-defined-and-public/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-s3-bucket-with-acl-resource-defined-and-public/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-failure-s3-bucket-with-acl-resource-defined-and-public/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-bucket-level-s3-block-public-access-settings-nested-modules/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-bucket-level-s3-block-public-access-settings-nested-modules/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-bucket-level-s3-block-public-access-settings-with-var/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-bucket-level-s3-block-public-access-settings-with-var/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-bucket-level-s3-block-public-access-settings-with-var/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-bucket-level-s3-block-public-access-settings-with-var/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-bucket-level-s3-block-public-access-settings/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-bucket-level-s3-block-public-access-settings/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-bucket-level-s3-block-public-access-settings/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: BUSL-1.1 3 | 4 | variables = {} 5 | -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-s3-bucket-with-acl-defined-inline-and-private/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-s3-bucket-with-acl-defined-inline-and-private/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-s3-bucket-with-acl-defined-inline-and-private/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-s3-bucket-with-acl-defined-inline-and-private/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-s3-bucket-with-acl-resource-defined-and-private/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-s3-bucket-with-acl-resource-defined-and-private/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-s3-bucket-with-acl-resource-defined-and-private/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/mocks/policy-success-s3-bucket-with-acl-resource-defined-and-private/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/success-bucket-level-s3-block-public-access-settings-nested-modules.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/success-bucket-level-s3-block-public-access-settings-nested-modules.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/success-bucket-level-s3-block-public-access-settings-with-var.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/success-bucket-level-s3-block-public-access-settings-with-var.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/success-bucket-level-s3-block-public-access-settings.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/success-bucket-level-s3-block-public-access-settings.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/success-s3-bucket-with-acl-defined-inline-and-private.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/success-s3-bucket-with-acl-defined-inline-and-private.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-block-public-access-bucket-level/success-s3-bucket-with-acl-resource-defined-and-private.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-block-public-access-bucket-level/success-s3-bucket-with-acl-resource-defined-and-private.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/failure-cloudtrail-with-invalid-data-resource-for-read-events.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/failure-cloudtrail-with-invalid-data-resource-for-read-events.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/failure-cloudtrail-with-invalid-data-resource-for-write-events.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/failure-cloudtrail-with-invalid-data-resource-for-write-events.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/failure-cloudtrail-with-invalid-event-selector-for-read-events.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/failure-cloudtrail-with-invalid-event-selector-for-read-events.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/failure-cloudtrail-with-invalid-event-selector-for-write-events.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/failure-cloudtrail-with-invalid-event-selector-for-write-events.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/failure-cloudtrail-without-event-selector-for-read-events.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/failure-cloudtrail-without-event-selector-for-read-events.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/failure-cloudtrail-without-event-selector-for-write-events.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/failure-cloudtrail-without-event-selector-for-write-events.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/failure-no-cloudtrail-resource-for-read-events.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/failure-no-cloudtrail-resource-for-read-events.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/failure-no-cloudtrail-resource-for-write-events.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/failure-no-cloudtrail-resource-for-write-events.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-cloudtrail-with-invalid-data-resource-for-read-events/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-cloudtrail-with-invalid-data-resource-for-read-events/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-cloudtrail-with-invalid-data-resource-for-write-events/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-cloudtrail-with-invalid-data-resource-for-write-events/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-cloudtrail-with-invalid-event-selector-for-read-events/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-cloudtrail-with-invalid-event-selector-for-read-events/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-cloudtrail-with-invalid-event-selector-for-write-events/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-cloudtrail-with-invalid-event-selector-for-write-events/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-cloudtrail-without-event-selector-for-read-events/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-cloudtrail-without-event-selector-for-read-events/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-cloudtrail-without-event-selector-for-write-events/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-cloudtrail-without-event-selector-for-write-events/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-no-cloudtrail-resource-for-read-events/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-no-cloudtrail-resource-for-read-events/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-no-cloudtrail-resource-for-write-events/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-failure-no-cloudtrail-resource-for-write-events/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-success-object-logging-for-read-events-catchall/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-success-object-logging-for-read-events-catchall/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-success-object-logging-for-read-events-multiple-buckets/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-success-object-logging-for-read-events-multiple-buckets/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-success-object-logging-for-read-events/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-success-object-logging-for-read-events/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-success-object-logging-for-write-events-catchall/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-success-object-logging-for-write-events-catchall/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-success-object-logging-for-write-events-multiple-buckets/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-success-object-logging-for-write-events-multiple-buckets/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-success-object-logging-for-write-events/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/mocks/policy-success-object-logging-for-write-events/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/success-object-logging-for-read-events-catchall.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/success-object-logging-for-read-events-catchall.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/success-object-logging-for-read-events-multiple-buckets.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/success-object-logging-for-read-events-multiple-buckets.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/success-object-logging-for-read-events.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/success-object-logging-for-read-events.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/success-object-logging-for-write-events-catchall.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/success-object-logging-for-write-events-catchall.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/success-object-logging-for-write-events-multiple-buckets.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/success-object-logging-for-write-events-multiple-buckets.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-enable-object-logging-for-events/success-object-logging-for-write-events.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-enable-object-logging-for-events/success-object-logging-for-write-events.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/failure-bucket-linked-mfa-disabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/failure-bucket-linked-mfa-disabled.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/failure-bucket-unlinked.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/failure-bucket-unlinked.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/failure-versioning-disabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/failure-versioning-disabled.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/mocks/failure-bucket-linked-mfa-disabled/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/mocks/failure-bucket-linked-mfa-disabled/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/mocks/failure-bucket-linked-mfa-disabled/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: BUSL-1.1 3 | 4 | variables = {} 5 | -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/mocks/failure-bucket-unlinked/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/mocks/failure-bucket-unlinked/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/mocks/failure-bucket-unlinked/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: BUSL-1.1 3 | 4 | variables = {} 5 | -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/mocks/failure-versioning-disabled/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/mocks/failure-versioning-disabled/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/mocks/failure-versioning-disabled/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: BUSL-1.1 3 | 4 | variables = {} 5 | -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/mocks/success-bucket-linked-mfa-enabled-in-nested-module/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/mocks/success-bucket-linked-mfa-enabled-in-nested-module/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/mocks/success-bucket-linked-mfa-enabled-in-nested-module/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/mocks/success-bucket-linked-mfa-enabled-in-nested-module/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/mocks/success-bucket-linked-mfa-enabled-using-var/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/mocks/success-bucket-linked-mfa-enabled-using-var/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/mocks/success-bucket-linked-mfa-enabled-using-var/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/mocks/success-bucket-linked-mfa-enabled-using-var/mock-tfplan-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/mocks/success-bucket-linked-mfa-enabled/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/mocks/success-bucket-linked-mfa-enabled/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/mocks/success-bucket-linked-mfa-enabled/mock-tfplan-v2.sentinel: -------------------------------------------------------------------------------- 1 | # Copyright (c) HashiCorp, Inc. 2 | # SPDX-License-Identifier: BUSL-1.1 3 | 4 | variables = {} 5 | -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/success-bucket-linked-mfa-enabled-in-nested-module.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/success-bucket-linked-mfa-enabled-in-nested-module.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/success-using-var.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/success-using-var.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-require-mfa-delete/success.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-mfa-delete/success.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/failure-policy-is-not-datasource.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/failure-policy-is-not-datasource.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/failure-secure-transport-var-missing.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/failure-secure-transport-var-missing.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/failure-traffic-allow-ssl-diabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/failure-traffic-allow-ssl-diabled.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/mocks/failure-policy-is-not-datasource/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/mocks/failure-policy-is-not-datasource/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/mocks/failure-policy-is-not-datasource/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/mocks/failure-policy-is-not-datasource/mock-tfstate-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/mocks/failure-secure-transport-var-missing/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/mocks/failure-secure-transport-var-missing/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/mocks/failure-secure-transport-var-missing/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/mocks/failure-secure-transport-var-missing/mock-tfstate-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/mocks/failure-traffic-allow-ssl-disabled/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/mocks/failure-traffic-allow-ssl-disabled/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/mocks/failure-traffic-allow-ssl-disabled/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/mocks/failure-traffic-allow-ssl-disabled/mock-tfstate-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/mocks/success-traffic-deny-ssl-disabled-nested-modules/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/mocks/success-traffic-deny-ssl-disabled-nested-modules/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/mocks/success-traffic-deny-ssl-disabled-nested-modules/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/mocks/success-traffic-deny-ssl-disabled-nested-modules/mock-tfstate-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/mocks/success-traffic-deny-ssl-disabled/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/mocks/success-traffic-deny-ssl-disabled/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/mocks/success-traffic-deny-ssl-disabled/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/mocks/success-traffic-deny-ssl-disabled/mock-tfstate-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/mocks/success-traffic-deny-ssl-enabled/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/mocks/success-traffic-deny-ssl-enabled/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/mocks/success-traffic-deny-ssl-enabled/mock-tfstate-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/mocks/success-traffic-deny-ssl-enabled/mock-tfstate-v2.sentinel -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/success-traffic-deny-ssl-disabled-nested-modules.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/success-traffic-deny-ssl-disabled-nested-modules.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/success-traffic-deny-ssl-disabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/success-traffic-deny-ssl-disabled.hcl -------------------------------------------------------------------------------- /policies/s3/test/s3-require-ssl/success-traffic-deny-ssl-enabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/s3/test/s3-require-ssl/success-traffic-deny-ssl-enabled.hcl -------------------------------------------------------------------------------- /policies/vpc/test/vpc-flow-logging-enabled/failure-all-vpc-resources-flow-logging-enabled-with-traffic-type-all.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/test/vpc-flow-logging-enabled/failure-all-vpc-resources-flow-logging-enabled-with-traffic-type-all.hcl -------------------------------------------------------------------------------- /policies/vpc/test/vpc-flow-logging-enabled/failure-default-vpc-resources-flow-logging-enabled-but-different-traffic-type.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/test/vpc-flow-logging-enabled/failure-default-vpc-resources-flow-logging-enabled-but-different-traffic-type.hcl -------------------------------------------------------------------------------- /policies/vpc/test/vpc-flow-logging-enabled/failure-default-vpc-resources-flow-logging-not-enabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/test/vpc-flow-logging-enabled/failure-default-vpc-resources-flow-logging-not-enabled.hcl -------------------------------------------------------------------------------- /policies/vpc/test/vpc-flow-logging-enabled/failure-vpc-resources-flow-logging-not-enabled.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/test/vpc-flow-logging-enabled/failure-vpc-resources-flow-logging-not-enabled.hcl -------------------------------------------------------------------------------- /policies/vpc/test/vpc-flow-logging-enabled/failure.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/test/vpc-flow-logging-enabled/failure.hcl -------------------------------------------------------------------------------- /policies/vpc/test/vpc-flow-logging-enabled/mocks/policy-failure-all-vpc-resources-flow-logging-enabled-with-traffic-type-all/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/test/vpc-flow-logging-enabled/mocks/policy-failure-all-vpc-resources-flow-logging-enabled-with-traffic-type-all/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/vpc/test/vpc-flow-logging-enabled/mocks/policy-failure-default-vpc-resources-flow-logging-not-enabled/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/test/vpc-flow-logging-enabled/mocks/policy-failure-default-vpc-resources-flow-logging-not-enabled/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/vpc/test/vpc-flow-logging-enabled/mocks/policy-failure-vpc-resources-flow-logging-not-enabled/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/test/vpc-flow-logging-enabled/mocks/policy-failure-vpc-resources-flow-logging-not-enabled/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/vpc/test/vpc-flow-logging-enabled/mocks/policy-failure/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/test/vpc-flow-logging-enabled/mocks/policy-failure/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/vpc/test/vpc-flow-logging-enabled/mocks/policy-success-all-vpc-resources-flow-logging-enabled-with-traffic-type-reject/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/test/vpc-flow-logging-enabled/mocks/policy-success-all-vpc-resources-flow-logging-enabled-with-traffic-type-reject/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/vpc/test/vpc-flow-logging-enabled/mocks/policy-success-all-vpc-resources-in-nested-module/mock-tfconfig-v2.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/test/vpc-flow-logging-enabled/mocks/policy-success-all-vpc-resources-in-nested-module/mock-tfconfig-v2.sentinel -------------------------------------------------------------------------------- /policies/vpc/test/vpc-flow-logging-enabled/success-all-vpc-resources-flow-logging-enabled-with-traffic-type-reject.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/test/vpc-flow-logging-enabled/success-all-vpc-resources-flow-logging-enabled-with-traffic-type-reject.hcl -------------------------------------------------------------------------------- /policies/vpc/test/vpc-flow-logging-enabled/success-all-vpc-resources-in-nested-module.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/test/vpc-flow-logging-enabled/success-all-vpc-resources-in-nested-module.hcl -------------------------------------------------------------------------------- /policies/vpc/vpc-flow-logging-enabled.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/policies/vpc/vpc-flow-logging-enabled.sentinel -------------------------------------------------------------------------------- /sentinel.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/policy-library-CIS-Policy-Set-for-AWS-Terraform/HEAD/sentinel.hcl --------------------------------------------------------------------------------