diff --git a/checks/check_extra7113 b/checks/check_extra7113
index a9dcbcce..aba1629e 100644
--- a/checks/check_extra7113
+++ b/checks/check_extra7113
@@ -36,20 +36,19 @@ CHECK_DOC_extra7113='https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER
CHECK_CAF_EPIC_extra7113='Data Protection'
extra7113(){
- textInfo "Looking for RDS Volumes in all regions... "
for regx in $REGIONS; do
LIST_OF_RDS_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query 'DBInstances[*].DBInstanceIdentifier' --output text)
if [[ $LIST_OF_RDS_INSTANCES ]];then
for rdsinstance in $LIST_OF_RDS_INSTANCES; do
IS_DELETIONPROTECTION=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].DeletionProtection' --output text)
if [[ $IS_DELETIONPROTECTION == "False" ]]; then
- textFail "$regx: RDS instance $rdsinstance deletion protection is not enabled!" "$regx"
+ textFail "$regx: RDS instance $rdsinstance deletion protection is not enabled!" "$regx" "$rdsinstance"
else
- textPass "$regx: RDS instance $rdsinstance deletion protection is enabled" "$regx"
+ textPass "$regx: RDS instance $rdsinstance deletion protection is enabled" "$regx" "$rdsinstance"
fi
done
else
- textInfo "$regx: No RDS instances found" "$regx"
+ textInfo "$regx: No RDS instances found" "$regx" "$rdsinstance"
fi
done
}
diff --git a/checks/check_extra7131 b/checks/check_extra7131
index fc8266a1..946f1682 100644
--- a/checks/check_extra7131
+++ b/checks/check_extra7131
@@ -32,13 +32,13 @@ extra7131(){
RDS_NAME=$(echo $rds_instance | awk '{ print $1; }')
RDS_AUTOMINORUPGRADE_FLAG=$(echo $rds_instance | awk '{ print $2; }')
if [[ $RDS_AUTOMINORUPGRADE_FLAG == "True" ]];then
- textPass "$regx: RDS instance: $RDS_NAME is has minor version upgrade enabled" "$regx"
+ textPass "$regx: RDS instance: $RDS_NAME is has minor version upgrade enabled" "$regx" "$RDS_NAME"
else
- textFail "$regx: RDS instance: $RDS_NAME does not have minor version upgrade enabled" "$regx"
+ textFail "$regx: RDS instance: $RDS_NAME does not have minor version upgrade enabled" "$regx" "$RDS_NAME"
fi
done <<< "$LIST_OF_RDS_INSTANCES"
else
- textInfo "$regx: no RDS instances found" "$regx"
+ textInfo "$regx: no RDS instances found" "$regx" "$RDS_NAME"
fi
done
}
diff --git a/checks/check_extra7132 b/checks/check_extra7132
index eb64827d..97e72ad0 100644
--- a/checks/check_extra7132
+++ b/checks/check_extra7132
@@ -31,13 +31,13 @@ extra7132(){
RDS_NAME="$rdsinstance"
MONITORING_FLAG=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].[EnhancedMonitoringResourceArn]' --output text)
if [[ $MONITORING_FLAG == "None" ]];then
- textFail "$regx: RDS instance: $RDS_NAME has enhanced monitoring disabled!" "$rex"
+ textFail "$regx: RDS instance: $RDS_NAME has enhanced monitoring disabled!" "$rex" "$RDS_NAME"
else
- textPass "$regx: RDS instance: $RDS_NAME has enhanced monitoring enabled." "$regx"
+ textPass "$regx: RDS instance: $RDS_NAME has enhanced monitoring enabled." "$regx" "$RDS_NAME"
fi
done
else
- textInfo "$regx: no RDS instances found" "$regx"
+ textInfo "$regx: no RDS instances found" "$regx" "$RDS_NAME"
fi
done
}
diff --git a/checks/check_extra7133 b/checks/check_extra7133
index 2be3d662..62e8847d 100644
--- a/checks/check_extra7133
+++ b/checks/check_extra7133
@@ -31,13 +31,13 @@ extra7133(){
RDS_NAME="$rdsinstance"
MULTIAZ_FLAG=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].MultiAZ' --output text)
if [[ $MULTIAZ_FLAG == "True" ]];then
- textPass "$regx: RDS instance: $RDS_NAME has multi-AZ enabled" "$rex"
+ textPass "$regx: RDS instance: $RDS_NAME has multi-AZ enabled" "$regx" "$RDS_NAME"
else
- textFail "$regx: RDS instance: $RDS_NAME has multi-AZ disabled!" "$regx"
+ textFail "$regx: RDS instance: $RDS_NAME has multi-AZ disabled!" "$regx" "$RDS_NAME"
fi
done
else
- textInfo "$regx: no RDS instances found" "$regx"
+ textInfo "$regx: no RDS instances found" "$regx" "$RDS_NAME"
fi
done
}
diff --git a/checks/check_extra723 b/checks/check_extra723
index 187f50ce..3e0cbd04 100644
--- a/checks/check_extra723
+++ b/checks/check_extra723
@@ -32,13 +32,13 @@ extra723(){
for rdssnapshot in $LIST_OF_RDS_SNAPSHOTS;do
SNAPSHOT_IS_PUBLIC=$($AWSCLI rds describe-db-snapshot-attributes $PROFILE_OPT --region $regx --db-snapshot-identifier $rdssnapshot --query DBSnapshotAttributesResult.DBSnapshotAttributes[*] --output text|grep ^ATTRIBUTEVALUES|cut -f2|grep all)
if [[ $SNAPSHOT_IS_PUBLIC ]];then
- textFail "$regx: RDS Snapshot $rdssnapshot is public!" "$regx"
+ textFail "$regx: RDS Snapshot $rdssnapshot is public!" "$regx" "$rdssnapshot"
else
- textPass "$regx: RDS Snapshot $rdssnapshot is not shared" "$regx"
+ textPass "$regx: RDS Snapshot $rdssnapshot is not shared" "$regx" "$rdssnapshot"
fi
done
else
- textInfo "$regx: No RDS Snapshots found" "$regx"
+ textInfo "$regx: No RDS Snapshots found" "$regx" "$rdssnapshot"
fi
# RDS cluster snapshots
LIST_OF_RDS_CLUSTER_SNAPSHOTS=$($AWSCLI rds describe-db-cluster-snapshots $PROFILE_OPT --region $regx --query DBClusterSnapshots[*].DBClusterSnapshotIdentifier --output text)
@@ -46,13 +46,13 @@ extra723(){
for rdsclustersnapshot in $LIST_OF_RDS_CLUSTER_SNAPSHOTS;do
CLUSTER_SNAPSHOT_IS_PUBLIC=$($AWSCLI rds describe-db-cluster-snapshot-attributes $PROFILE_OPT --region $regx --db-cluster-snapshot-identifier $rdsclustersnapshot --query DBClusterSnapshotAttributesResult.DBClusterSnapshotAttributes[*] --output text|grep ^ATTRIBUTEVALUES|cut -f2|grep all)
if [[ $CLUSTER_SNAPSHOT_IS_PUBLIC ]];then
- textFail "$regx: RDS Cluster Snapshot $rdsclustersnapshot is public!" "$regx"
+ textFail "$regx: RDS Cluster Snapshot $rdsclustersnapshot is public!" "$regx" "$rdsclustersnapshot"
else
- textPass "$regx: RDS Cluster Snapshot $rdsclustersnapshot is not shared" "$regx"
+ textPass "$regx: RDS Cluster Snapshot $rdsclustersnapshot is not shared" "$regx" "$rdsclustersnapshot"
fi
done
else
- textInfo "$regx: No RDS Cluster Snapshots found" "$regx"
+ textInfo "$regx: No RDS Cluster Snapshots found" "$regx" "$rdsclustersnapshot"
fi
done
}
diff --git a/checks/check_extra735 b/checks/check_extra735
index 0b789f5e..f1d07aba 100644
--- a/checks/check_extra735
+++ b/checks/check_extra735
@@ -25,20 +25,19 @@ CHECK_DOC_extra735='https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overv
CHECK_CAF_EPIC_extra735='Data Protection'
extra735(){
- textInfo "Looking for RDS Volumes in all regions... "
for regx in $REGIONS; do
LIST_OF_RDS_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query 'DBInstances[*].DBInstanceIdentifier' --output text)
if [[ $LIST_OF_RDS_INSTANCES ]];then
for rdsinstance in $LIST_OF_RDS_INSTANCES; do
IS_ENCRYPTED=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].StorageEncrypted' --output text)
if [[ $IS_ENCRYPTED == "False" ]]; then
- textFail "$regx: RDS instance $rdsinstance is not encrypted!" "$regx"
+ textFail "$regx: RDS instance $rdsinstance is not encrypted!" "$regx" "$rdsinstance"
else
- textPass "$regx: RDS instance $rdsinstance is encrypted" "$regx"
+ textPass "$regx: RDS instance $rdsinstance is encrypted" "$regx" "$rdsinstance"
fi
done
else
- textInfo "$regx: No RDS instances found" "$regx"
+ textInfo "$regx: No RDS instances found" "$regx" "$rdsinstance"
fi
done
}
diff --git a/checks/check_extra739 b/checks/check_extra739
index e36f4ab1..0cf5eb98 100644
--- a/checks/check_extra739
+++ b/checks/check_extra739
@@ -31,13 +31,13 @@ extra739(){
# if retention is 0 then is disabled
BACKUP_RETENTION=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].BackupRetentionPeriod' --output text)
if [[ $BACKUP_RETENTION == "0" ]]; then
- textFail "$regx: RDS instance $rdsinstance has not backup enabled!" "$regx"
+ textFail "$regx: RDS instance $rdsinstance has not backup enabled!" "$regx" "$rdsinstance"
else
- textPass "$regx: RDS instance $rdsinstance has backup enabled with retention period $BACKUP_RETENTION days" "$regx"
+ textPass "$regx: RDS instance $rdsinstance has backup enabled with retention period $BACKUP_RETENTION days" "$regx" "$rdsinstance"
fi
done
else
- textInfo "$regx: No RDS instances found" "$regx"
+ textInfo "$regx: No RDS instances found" "$regx" "$rdsinstance"
fi
done
}
diff --git a/checks/check_extra747 b/checks/check_extra747
index f2473563..ec6a86d8 100644
--- a/checks/check_extra747
+++ b/checks/check_extra747
@@ -31,13 +31,13 @@ extra747(){
# if retention is 0 then is disabled
ENABLED_CLOUDWATCHLOGS_EXPORTS=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].EnabledCloudwatchLogsExports' --output text)
if [[ $ENABLED_CLOUDWATCHLOGS_EXPORTS ]]; then
- textPass "$regx: RDS instance $rdsinstance is shipping $ENABLED_CLOUDWATCHLOGS_EXPORTS to CloudWatch Logs" "$regx"
+ textPass "$regx: RDS instance $rdsinstance is shipping $ENABLED_CLOUDWATCHLOGS_EXPORTS to CloudWatch Logs" "$regx" "$rdsinstance"
else
- textFail "$regx: RDS instance $rdsinstance has no CloudWatch Logs enabled!" "$regx"
+ textFail "$regx: RDS instance $rdsinstance has no CloudWatch Logs enabled!" "$regx" "$rdsinstance"
fi
done
else
- textInfo "$regx: No RDS instances found" "$regx"
+ textInfo "$regx: No RDS instances found" "$regx" "$rdsinstance"
fi
done
}
diff --git a/checks/check_extra78 b/checks/check_extra78
index 16d91ba2..a164eddb 100644
--- a/checks/check_extra78
+++ b/checks/check_extra78
@@ -27,17 +27,16 @@ CHECK_CAF_EPIC_extra78='Data Protection'
extra78(){
# "Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark)"
- textInfo "Looking for RDS instances in all regions... "
for regx in $REGIONS; do
LIST_OF_RDS_PUBLIC_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query 'DBInstances[?PubliclyAccessible==`true` && DBInstanceStatus==`"available"`].[DBInstanceIdentifier,Endpoint.Address]' --output text)
if [[ $LIST_OF_RDS_PUBLIC_INSTANCES ]];then
while read -r rds_instance;do
RDS_NAME=$(echo $rds_instance | awk '{ print $1; }')
RDS_DNSNAME=$(echo $rds_instance | awk '{ print $2; }')
- textFail "$regx: RDS instance: $RDS_NAME at $RDS_DNSNAME is set as Publicly Accessible!" "$regx"
+ textFail "$regx: RDS instance: $RDS_NAME at $RDS_DNSNAME is set as Publicly Accessible!" "$regx" "$RDS_NAME"
done <<< "$LIST_OF_RDS_PUBLIC_INSTANCES"
else
- textPass "$regx: no Publicly Accessible RDS instances found" "$regx"
+ textPass "$regx: no Publicly Accessible RDS instances found" "$regx" "$RDS_NAME"
fi
done
}
diff --git a/include/csv_header b/include/csv_header
index 7a867815..3ab095c3 100644
--- a/include/csv_header
+++ b/include/csv_header
@@ -15,6 +15,6 @@
printCsvHeader() {
# >&2 echo ""
# >&2 echo "Generating \"${SEP}\" delimited report on stdout for profile $PROFILE, account $ACCOUNT_NUM"
- echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}CHECK_RESULT${SEP}ITEM_SCORED${SEP}ITEM_LEVEL${SEP}TITLE_TEXT${SEP}CHECK_RESULT_EXTENDED${SEP}CHECK_ASFF_COMPLIANCE_TYPE${SEP}CHECK_SEVERITY${SEP}CHECK_SERVICENAME${SEP}CHECK_ASFF_RESOURCE_TYPE${SEP}CHECK_ASFF_TYPE${SEP}CHECK_RISK${SEP}CHECK_REMEDIATION${SEP}CHECK_DOC${SEP}CHECK_CAF_EPIC" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+ echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}CHECK_RESULT${SEP}ITEM_SCORED${SEP}ITEM_LEVEL${SEP}TITLE_TEXT${SEP}CHECK_RESULT_EXTENDED${SEP}CHECK_ASFF_COMPLIANCE_TYPE${SEP}CHECK_SEVERITY${SEP}CHECK_SERVICENAME${SEP}CHECK_ASFF_RESOURCE_TYPE${SEP}CHECK_ASFF_TYPE${SEP}CHECK_RISK${SEP}CHECK_REMEDIATION${SEP}CHECK_DOC${SEP}CHECK_CAF_EPIC${SEP}CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
# echo "PROFILE${SEP}ACCOUNT_NUM${SEP}REGION${SEP}TITLE_ID${SEP}RESULT${SEP}SCORED${SEP}LEVEL${SEP}TITLE_TEXT${SEP}NOTES${SEP}COMPLIANCE${SEP}SEVERITY${SEP}SERVICENAME" | tee -a $OUTPUT_FILE_NAME.$EXTENSION_CSV
}
diff --git a/include/html_report b/include/html_report
index 42db8626..5db51f08 100644
--- a/include/html_report
+++ b/include/html_report
@@ -158,6 +158,7 @@ addHtmlHeader() {
| Risk |
Remediation |
Link to doc |
+ Resource ID |
diff --git a/include/outputs b/include/outputs
index 5cfa4fe9..bd22569e 100644
--- a/include/outputs
+++ b/include/outputs
@@ -77,6 +77,7 @@ fi
textPass(){
CHECK_RESULT="PASS"
CHECK_RESULT_EXTENDED="$1"
+ CHECK_RESOURCE_ID="$3"
if [[ "$QUIET" == 1 ]]; then
return
@@ -89,13 +90,13 @@ textPass(){
REPREGION=$REGION
fi
if [[ "${MODES[@]}" =~ "csv" ]]; then
- echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+ echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
fi
if [[ "${MODES[@]}" =~ "json" ]]; then
- generateJsonOutput "$1" "Pass" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_JSON
+ generateJsonOutput "$1" "Pass" "$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_JSON
fi
if [[ "${MODES[@]}" =~ "json-asff" ]]; then
- JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "PASSED")
+ JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "PASSED" "$CHECK_RESOURCE_ID")
echo "${JSON_ASFF_OUTPUT}" | tee -a $OUTPUT_FILE_NAME.$EXTENSION_ASFF
if [[ "${SEND_TO_SECURITY_HUB}" -eq 1 ]]; then
sendToSecurityHub "${JSON_ASFF_OUTPUT}" "${REPREGION}"
@@ -118,6 +119,7 @@ textPass(){
textInfo(){
CHECK_RESULT="INFO"
CHECK_RESULT_EXTENDED="$1"
+ CHECK_RESOURCE_ID="$3"
if [[ "$QUIET" == 1 ]]; then
return
@@ -129,10 +131,10 @@ textInfo(){
REPREGION=$REGION
fi
if [[ "${MODES[@]}" =~ "csv" ]]; then
- echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+ echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
fi
if [[ "${MODES[@]}" =~ "json" ]]; then
- generateJsonOutput "$1" "Info" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
+ generateJsonOutput "$1" "Info" "$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
fi
if is_junit_output_enabled; then
output_junit_info "$1"
@@ -144,7 +146,7 @@ textInfo(){
echo " $NOTICE INFO! $1 $NORMAL"
fi
if [[ "${MODES[@]}" =~ "html" ]]; then
- generateHtmlOutput "$1" "INFO"
+ generateHtmlOutput "$1" "INFO" "$CHECK_RESOURCE_ID"
fi
}
@@ -176,6 +178,7 @@ textFail(){
CHECK_RESULT=$level
CHECK_RESULT_EXTENDED="$1"
+ CHECK_RESOURCE_ID="$3"
if [[ $2 ]]; then
REPREGION=$2
@@ -184,13 +187,13 @@ textFail(){
fi
if [[ "${MODES[@]}" =~ "csv" ]]; then
- echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+ echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
fi
if [[ "${MODES[@]}" =~ "json" ]]; then
- generateJsonOutput "$1" "${level}" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
+ generateJsonOutput "$1" "${level}" "$CHECK_RESOURCE_ID"| tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
fi
if [[ "${MODES[@]}" =~ "json-asff" ]]; then
- JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "${level}")
+ JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "${level}" "$CHECK_RESOURCE_ID")
echo "${JSON_ASFF_OUTPUT}" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_ASFF}
if [[ "${SEND_TO_SECURITY_HUB}" -eq 1 ]]; then
sendToSecurityHub "${JSON_ASFF_OUTPUT}" "${REPREGION}"
@@ -210,7 +213,7 @@ textFail(){
echo " $colorcode ${level}! $1 $NORMAL"
fi
if [[ "${MODES[@]}" =~ "html" ]]; then
- generateHtmlOutput "$1" "${level}"
+ generateHtmlOutput "$1" "${level}" "$CHECK_RESOURCE_ID"
fi
}
@@ -265,6 +268,7 @@ textTitle(){
generateJsonOutput(){
local message=$1
local status=$2
+ local resource_id=$3
jq -M -c \
--arg PROFILE "$PROFILE" \
--arg ACCOUNT_NUM "$ACCOUNT_NUM" \
@@ -279,6 +283,11 @@ generateJsonOutput(){
--arg TYPE "$CHECK_ASFF_COMPLIANCE_TYPE" \
--arg TIMESTAMP "$(get_iso8601_timestamp)" \
--arg SERVICENAME "$CHECK_SERVICENAME" \
+ --arg CHECK_CAF_EPIC "$CHECK_CAF_EPIC" \
+ --arg CHECK_RISK "$CHECK_RISK" \
+ --arg CHECK_REMEDIATION "$CHECK_REMEDIATION" \
+ --arg CHECK_DOC "$CHECK_DOC" \
+ --arg CHECK_RESOURCE_ID "$resource_id" \
-n '{
"Profile": $PROFILE,
"Account Number": $ACCOUNT_NUM,
@@ -292,7 +301,12 @@ generateJsonOutput(){
"Region": $REPREGION,
"Timestamp": $TIMESTAMP,
"Compliance": $TYPE,
- "Service": $SERVICENAME
+ "Service": $SERVICENAME,
+ "CAF Epic": $CHECK_CAF_EPIC,
+ "Risk": $CHECK_RISK,
+ "Remediation": $CHECK_REMEDIATION,
+ "Doc link": $CHECK_DOC,
+ "Resource ID": $CHECK_RESOURCE_ID
}'
}
@@ -377,6 +391,7 @@ generateHtmlOutput(){
echo ''$CHECK_RISK' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
echo ''$CHECK_REMEDIATION' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
echo ''$CHECK_DOC' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+ echo ''$CHECK_RESOURCE_ID' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
fi
if [[ $status == "PASS" ]];then
@@ -395,6 +410,7 @@ generateHtmlOutput(){
echo ''$CHECK_RISK' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
echo ''$CHECK_REMEDIATION' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
echo ''$CHECK_DOC' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+ echo ''$CHECK_RESOURCE_ID' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
fi
if [[ $status == "FAIL" ]];then
@@ -413,6 +429,7 @@ generateHtmlOutput(){
echo ''$CHECK_RISK' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
echo ''$CHECK_REMEDIATION' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
echo ''$CHECK_DOC' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+ echo ''$CHECK_RESOURCE_ID' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
fi
if [[ $status == "WARNING" ]];then
@@ -431,6 +448,7 @@ generateHtmlOutput(){
echo ''$CHECK_RISK' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
echo ''$CHECK_REMEDIATION' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
echo ''$CHECK_DOC' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+ echo ''$CHECK_RESOURCE_ID' | ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
echo ''>> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
fi
}
\ No newline at end of file