feat(): redshift service and checks (#1497)

Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com>

providers/aws/services/redshift/redshift_cluster_audit_logging/redshift_cluster_audit_logging.metadata.json

@@ -0,0 +1,35 @@
+{
+    "Provider": "aws",
+    "CheckID": "redshift_cluster_audit_logging",
+    "CheckTitle": "Check if Redshift cluster has audit logging enabled",
+    "CheckType": [],
+    "ServiceName": "redshift",
+    "SubServiceName": "",
+    "ResourceIdTemplate": "arn:aws:redshift:region:account-id:cluster:cluster-name",
+    "Severity": "medium",
+    "ResourceType": "AwsRedshiftCluster",
+    "Description": "Check if Redshift cluster has audit logging enabled",
+    "Risk": "If logs are not enabled; monitoring of service use and threat analysis is not possible.",
+    "RelatedUrl": "https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html",
+    "Remediation": {
+      "Code": {
+        "CLI": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Redshift/redshift-cluster-audit-logging-enabled.html",
+        "NativeIaC": "https://docs.bridgecrew.io/docs/bc_aws_logging_12#cloudformation",
+        "Other": "https://docs.bridgecrew.io/docs/bc_aws_logging_12#aws-console",
+        "Terraform": "https://docs.bridgecrew.io/docs/bc_aws_logging_12#terraform"
+      },
+      "Recommendation": {
+        "Text": "Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable.",
+        "Url": "https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html"
+      }
+    },
+    "Categories": [],
+    "Tags": {
+      "Tag1Key": "value",
+      "Tag2Key": "value"
+    },
+    "DependsOn": [],
+    "RelatedTo": [],
+    "Notes": "",
+    "Compliance": []
+  }

providers/aws/services/redshift/redshift_cluster_audit_logging/redshift_cluster_audit_logging.py

@@ -0,0 +1,25 @@
+from lib.check.models import Check, Check_Report
+from providers.aws.services.redshift.redshift_client import redshift_client
+
+
+class redshift_cluster_audit_logging(Check):
+    def execute(self):
+        findings = []
+        for cluster in redshift_client.clusters:
+            report = Check_Report(self.metadata)
+            report.region = cluster.region
+            report.resource_id = cluster.id
+            report.resource_arn = cluster.arn
+            report.status = "PASS"
+            report.status_extended = (
+                f"Redshift Cluster {cluster.arn} has audit logging enabled"
+            )
+            if not cluster.logging_enabled:
+                report.status = "FAIL"
+                report.status_extended = (
+                    f"Redshift Cluster {cluster.arn} has audit logging disabled"
+                )
+
+            findings.append(report)
+
+        return findings

providers/aws/services/redshift/redshift_cluster_audit_logging/redshift_cluster_audit_logging_test.py

@@ -0,0 +1,78 @@
+from re import search
+from unittest import mock
+from uuid import uuid4
+
+from providers.aws.services.redshift.redshift_service import Cluster
+
+AWS_REGION = "eu-west-1"
+AWS_ACCOUNT_NUMBER = "123456789012"
+
+cluster_id = str(uuid4())
+
+
+class Test_redshift_cluster_audit_logging:
+    def test_no_clusters(self):
+        redshift_client = mock.MagicMock
+        redshift_client.clusters = []
+        with mock.patch(
+            "providers.aws.services.redshift.redshift_service.Redshift",
+            redshift_client,
+        ):
+            from providers.aws.services.redshift.redshift_cluster_audit_logging.redshift_cluster_audit_logging import (
+                redshift_cluster_audit_logging,
+            )
+
+            check = redshift_cluster_audit_logging()
+            result = check.execute()
+            assert len(result) == 0
+
+    def test_cluster_is_not_audit_logging(self):
+        redshift_client = mock.MagicMock
+        redshift_client.clusters = []
+        redshift_client.clusters.append(
+            Cluster(
+                id=cluster_id,
+                region=AWS_REGION,
+                logging_enabled=False,
+            )
+        )
+        with mock.patch(
+            "providers.aws.services.redshift.redshift_service.Redshift",
+            redshift_client,
+        ):
+            from providers.aws.services.redshift.redshift_cluster_audit_logging.redshift_cluster_audit_logging import (
+                redshift_cluster_audit_logging,
+            )
+
+            check = redshift_cluster_audit_logging()
+            result = check.execute()
+            assert result[0].status == "FAIL"
+            assert search("has audit logging disabled", result[0].status_extended)
+            assert result[0].resource_id == cluster_id
+            assert result[0].resource_arn == ""
+
+    def test_cluster_is_audit_logging(self):
+        redshift_client = mock.MagicMock
+        redshift_client.clusters = []
+        redshift_client.clusters.append(
+            Cluster(
+                id=cluster_id,
+                region=AWS_REGION,
+                logging_enabled=True,
+                endpoint_address="192.192.192.192",
+            )
+        )
+        with mock.patch(
+            "providers.aws.services.redshift.redshift_service.Redshift",
+            redshift_client,
+        ):
+            from providers.aws.services.redshift.redshift_cluster_audit_logging.redshift_cluster_audit_logging import (
+                redshift_cluster_audit_logging,
+            )
+
+            check = redshift_cluster_audit_logging()
+            result = check.execute()
+            assert result[0].status == "PASS"
+            assert search("has audit logging enabled", result[0].status_extended)
+            assert result[0].resource_id == cluster_id
+            assert result[0].resource_arn == ""