mark Level 2 checks as such

checks/check114

@@ -11,7 +11,8 @@
 CHECK_ID_check114="1.14"
 CHECK_TITLE_check114="[check114] Ensure hardware MFA is enabled for the root account (Scored)"
 CHECK_SCORED_check114="SCORED"
-CHECK_ALTERNATE_check114="check114" 
+CHECK_TYPE_check114="LEVEL2"
+CHECK_ALTERNATE_check114="check114"
 
 check114(){
   # "Ensure hardware MFA is enabled for the root account (Scored)"

checks/check121

@@ -11,7 +11,8 @@
 CHECK_ID_check121="1.21"
 CHECK_TITLE_check121="[check121] Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)"
 CHECK_SCORED_check121="NOT_SCORED"
-CHECK_ALTERNATE_check121="check121" 
+CHECK_TYPE_check121="LEVEL2"
+CHECK_ALTERNATE_check121="check121"
 
 check121(){
   # "Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)"

checks/check22

@@ -11,7 +11,8 @@
 CHECK_ID_check22="2.2,2.02"
 CHECK_TITLE_check22="[check22] Ensure CloudTrail log file validation is enabled (Scored)"
 CHECK_SCORED_check22="SCORED"
-CHECK_ALTERNATE_check202="check22" 
+CHECK_TYPE_check22="LEVEL2"
+CHECK_ALTERNATE_check202="check22"
 
 check22(){
   # "Ensure CloudTrail log file validation is enabled (Scored)"

checks/check27

@@ -11,7 +11,8 @@
 CHECK_ID_check27="2.7,2.07"
 CHECK_TITLE_check27="[check27] Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)"
 CHECK_SCORED_check27="SCORED"
-CHECK_ALTERNATE_check207="check27" 
+CHECK_TYPE_check27="LEVEL2"
+CHECK_ALTERNATE_check207="check27"
 
 check27(){
   # "Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)"

checks/check28

@@ -11,7 +11,8 @@
 CHECK_ID_check28="2.8,2.08"
 CHECK_TITLE_check28="[check28] Ensure rotation for customer created CMKs is enabled (Scored)"
 CHECK_SCORED_check28="SCORED"
-CHECK_ALTERNATE_check208="check28" 
+CHECK_TYPE_check28="LEVEL2"
+CHECK_ALTERNATE_check208="check28"
 
 check28(){
   # "Ensure rotation for customer created CMKs is enabled (Scored)"

checks/check310

@@ -11,6 +11,7 @@
 CHECK_ID_check310="3.10"
 CHECK_TITLE_check310="[check310] Ensure a log metric filter and alarm exist for security group changes (Scored)"
 CHECK_SCORED_check310="SCORED"
+CHECK_TYPE_check310="LEVEL2"
 CHECK_ALTERNATE_check310="check310"
 
 check310(){

checks/check311

@@ -10,7 +10,8 @@
 
 CHECK_ID_check311="3.11"
 CHECK_TITLE_check311="[check311] Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) (Scored)"
-CHECK_SCORED_check311="SCORED" 
+CHECK_SCORED_check311="SCORED"
+CHECK_TYPE_check=311"LEVEL2"
 CHECK_ALTERNATE_check311="check311"
 
 check311(){

checks/check36

@@ -11,7 +11,8 @@
 CHECK_ID_check36="3.6,3.06"
 CHECK_TITLE_check36="[check36] Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Scored)"
 CHECK_SCORED_check36="SCORED"
-CHECK_ALTERNATE_check306="check36" 
+CHECK_TYPE_check36="LEVEL2"
+CHECK_ALTERNATE_check306="check36"
 
 check36(){
   # "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Scored)"

checks/check37

@@ -11,7 +11,8 @@
 CHECK_ID_check37="3.7,3.07"
 CHECK_TITLE_check37="[check37] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Scored)"
 CHECK_SCORED_check37="SCORED"
-CHECK_ALTERNATE_check307="check37" 
+CHECK_TYPE_check37="LEVEL2"
+CHECK_ALTERNATE_check307="check37"
 
 check37(){
   # "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Scored)"

checks/check39

@@ -11,7 +11,8 @@
 CHECK_ID_check39="3.9,3.09"
 CHECK_TITLE_check39="[check39] Ensure a log metric filter and alarm exist for AWS Config configuration changes (Scored)"
 CHECK_SCORED_check39="SCORED"
-CHECK_ALTERNATE_check309="check39" 
+CHECK_TYPE_check39="LEVEL2"
+CHECK_ALTERNATE_check309="check39"
 
 check39(){
   # "Ensure a log metric filter and alarm exist for AWS Config configuration changes (Scored)"

checks/check41

@@ -11,7 +11,8 @@
 CHECK_ID_check41="4.1,4.01"
 CHECK_TITLE_check41="[check41] Ensure no security groups allow ingress from 0.0.0.0/0 to port 22 (Scored)"
 CHECK_SCORED_check41="SCORED"
-CHECK_ALTERNATE_check401="check41" 
+CHECK_TYPE_check41="LEVEL2"
+CHECK_ALTERNATE_check401="check41"
 
 check41(){
   # "Ensure no security groups allow ingress from 0.0.0.0/0 to port 22 (Scored)"

checks/check42

@@ -11,7 +11,8 @@
 CHECK_ID_check42="4.2,4.02"
 CHECK_TITLE_check42="[check42] Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389 (Scored)"
 CHECK_SCORED_check42="SCORED"
-CHECK_ALTERNATE_check402="check42" 
+CHECK_TYPE_check42="LEVEL2"
+CHECK_ALTERNATE_check402="check42"
 
 check42(){
   # "Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389 (Scored)"

checks/check43

@@ -11,7 +11,8 @@
 CHECK_ID_check43="4.3,4.03"
 CHECK_TITLE_check43="[check43] Ensure VPC Flow Logging is Enabled in all VPCs (Scored)"
 CHECK_SCORED_check43="SCORED"
-CHECK_ALTERNATE_check403="check43" 
+CHECK_TYPE_check43="LEVEL2"
+CHECK_ALTERNATE_check403="check43"
 
 check43(){
   # "Ensure VPC Flow Logging is Enabled in all VPCs (Scored)"

checks/check44

@@ -11,7 +11,8 @@
 CHECK_ID_check44="4.4,4.04"
 CHECK_TITLE_check44="[check44] Ensure the default security group of every VPC restricts all traffic (Scored)"
 CHECK_SCORED_check44="SCORED"
-CHECK_ALTERNATE_check404="check44" 
+CHECK_TYPE_check44="LEVEL2"
+CHECK_ALTERNATE_check404="check44"
 
 check44(){
   # "Ensure the default security group of every VPC restricts all traffic (Scored)"

checks/check45

@@ -11,7 +11,8 @@
 CHECK_ID_check45="4.5,4.05"
 CHECK_TITLE_check45="[check45] Ensure routing tables for VPC peering are \"least access\" (Not Scored)"
 CHECK_SCORED_check45="NOT_SCORED"
-CHECK_ALTERNATE_check405="check45" 
+CHECK_TYPE_check45="LEVEL2"
+CHECK_ALTERNATE_check405="check45"
 
 check45(){
   # "Ensure routing tables for VPC peering are \"least access\" (Not Scored)"