Prwlr 750 exclude metadata json order (#1301)

* chore: exclude metadata * chore: exclude metadata * chore: no prettify * chore: no prettify
2026-02-10 06:45:08 +00:00 · 2022-08-03 12:07:36 +02:00
parent dfbc618d44
commit 5e479a5050
24 changed files with 422 additions and 417 deletions
--- a/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa.metadata.json
+++ b/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa.metadata.json
@@ -1,14 +1,15 @@
 {
-  "Categories": [],
+  "Provider": "aws",
  "CheckID": "iam_administrator_access_with_mfa",
  "CheckTitle": "Ensure users of groups with AdministratorAccess policy have MFA tokens enabled",
  "CheckType": "Infrastructure Security",
-  "Compliance": [],
-  "DependsOn": [],
+  "ServiceName": "iam",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+  "Severity": "high",
+  "ResourceType": "AwsIamUser",
  "Description": "Ensure users of groups with AdministratorAccess policy have MFA tokens enabled",
-  "Notes": "",
-  "Provider": "aws",
-  "RelatedTo": [],
+  "Risk": "Policy may allow Anonymous users to perform actions.",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {
@@ -22,14 +23,13 @@
      "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html"
    }
  },
-  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "ResourceType": "AwsIamUser",
-  "Risk": "Policy may allow Anonymous users to perform actions.",
-  "ServiceName": "iam",
-  "Severity": "high",
-  "SubServiceName": "",
+  "Categories": [],
  "Tags": {
    "Tag1Key": "value",
    "Tag2Key": "value"
-  }
+  },
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": "",
+  "Compliance": []
 }
--- a/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage.metadata.json
+++ b/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage.metadata.json
@@ -1,25 +1,15 @@
 {
-  "Categories": [],
+  "Provider": "aws",
  "CheckID": "iam_avoid_root_usage",
  "CheckTitle": "Avoid the use of the root accounts",
  "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
-  "Compliance": [
-    {
-      "Control": [
-        "1.1"
-      ],
-      "Framework": "CIS-AWS",
-      "Group": [
-        "level1"
-      ],
-      "Version": "1.4"
-    }
-  ],
-  "DependsOn": [],
+  "ServiceName": "iam",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+  "Severity": "high",
+  "ResourceType": "AwsIamUser",
  "Description": "Avoid the use of the root account",
-  "Notes": "",
-  "Provider": "aws",
-  "RelatedTo": [],
+  "Risk": "The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {
@@ -33,14 +23,24 @@
      "Url": "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html"
    }
  },
-  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "ResourceType": "AwsIamUser",
-  "Risk": "The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.",
-  "ServiceName": "iam",
-  "Severity": "high",
-  "SubServiceName": "",
+  "Categories": [],
  "Tags": {
    "Tag1Key": "value",
    "Tag2Key": "value"
-  }
+  },
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": "",
+  "Compliance": [
+    {
+      "Control": [
+        "1.1"
+      ],
+      "Framework": "CIS-AWS",
+      "Group": [
+        "level1"
+      ],
+      "Version": "1.4"
+    }
+  ]
 }
--- a/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials.metadata.json
+++ b/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials.metadata.json
@@ -1,14 +1,15 @@
 {
-  "Categories": [],
+  "Provider": "aws",
  "CheckID": "iam_disable_30_days_credentials",
  "CheckTitle": "Ensure credentials unused for 30 days or greater are disabled",
  "CheckType": "Software and Configuration Checks",
-  "Compliance": [],
-  "DependsOn": [],
+  "ServiceName": "iam",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+  "Severity": "medium",
+  "ResourceType": "AwsIamUser",
  "Description": "Ensure credentials unused for 30 days or greater are disabled",
-  "Notes": "",
-  "Provider": "aws",
-  "RelatedTo": [],
+  "Risk": "To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {
@@ -22,14 +23,13 @@
      "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html"
    }
  },
-  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "ResourceType": "AwsIamUser",
-  "Risk": "To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.",
-  "ServiceName": "iam",
-  "Severity": "medium",
-  "SubServiceName": "",
+  "Categories": [],
  "Tags": {
    "Tag1Key": "value",
    "Tag2Key": "value"
-  }
+  },
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": "",
+  "Compliance": []
 }
--- a/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key.metadata.json
+++ b/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key.metadata.json
@@ -1,25 +1,15 @@
 {
-  "Categories": [],
+  "Provider": "aws",
  "CheckID": "iam_no_root_access_key",
  "CheckTitle": "Ensure no root account access key exists",
  "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
-  "Compliance": [
-    {
-      "Control": [
-        "1.12"
-      ],
-      "Framework": "CIS-AWS",
-      "Group": [
-        "level1"
-      ],
-      "Version": "1.4"
-    }
-  ],
-  "DependsOn": [],
+  "ServiceName": "iam",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+  "Severity": "critical",
+  "ResourceType": "AwsIamUser",
  "Description": "Ensure no root account access key exists",
-  "Notes": "",
-  "Provider": "aws",
-  "RelatedTo": [],
+  "Risk": "The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Removing the root access keys encourages the creation and use of role based accounts that are least privileged.",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {
@@ -33,14 +23,24 @@
      "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html"
    }
  },
-  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "ResourceType": "AwsIamUser",
-  "Risk": "The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Removing the root access keys encourages the creation and use of role based accounts that are least privileged.",
-  "ServiceName": "iam",
-  "Severity": "critical",
-  "SubServiceName": "",
+  "Categories": [],
  "Tags": {
    "Tag1Key": "value",
    "Tag2Key": "value"
-  }
+  },
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": "",
+  "Compliance": [
+    {
+      "Control": [
+        "1.12"
+      ],
+      "Framework": "CIS-AWS",
+      "Group": [
+        "level1"
+      ],
+      "Version": "1.4"
+    }
+  ]
 }
--- a/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.metadata.json
+++ b/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.metadata.json
@@ -1,25 +1,15 @@
 {
-  "Categories": [],
+  "Provider": "aws",
  "CheckID": "iam_root_hardware_mfa_enabled",
  "CheckTitle": "Ensure hardware MFA is enabled for the root account",
  "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
-  "Compliance": [
-    {
-      "Control": [
-        "1.14"
-      ],
-      "Framework": "CIS-AWS",
-      "Group": [
-        "level1"
-      ],
-      "Version": "1.4"
-    }
-  ],
-  "DependsOn": [],
+  "ServiceName": "iam",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+  "Severity": "critical",
+  "ResourceType": "AwsIamUser",
  "Description": "Ensure hardware MFA is enabled for the root account",
-  "Notes": "",
-  "Provider": "aws",
-  "RelatedTo": [],
+  "Risk": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. For Level 2 it is recommended that the root account be protected with a hardware MFA.",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {
@@ -33,14 +23,24 @@
      "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa"
    }
  },
-  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "ResourceType": "AwsIamUser",
-  "Risk": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. For Level 2 it is recommended that the root account be protected with a hardware MFA.",
-  "ServiceName": "iam",
-  "Severity": "critical",
-  "SubServiceName": "",
+  "Categories": [],
  "Tags": {
    "Tag1Key": "value",
    "Tag2Key": "value"
-  }
+  },
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": "",
+  "Compliance": [
+    {
+      "Control": [
+        "1.14"
+      ],
+      "Framework": "CIS-AWS",
+      "Group": [
+        "level1"
+      ],
+      "Version": "1.4"
+    }
+  ]
 }
--- a/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled.metadata.json
+++ b/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled.metadata.json
@@ -1,25 +1,15 @@
 {
-  "Categories": [],
+  "Provider": "aws",
  "CheckID": "iam_root_mfa_enabled",
  "CheckTitle": "Ensure MFA is enabled for the root account",
  "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
-  "Compliance": [
-    {
-      "Control": [
-        "1.13"
-      ],
-      "Framework": "CIS-AWS",
-      "Group": [
-        "level1"
-      ],
-      "Version": "1.4"
-    }
-  ],
-  "DependsOn": [],
+  "ServiceName": "iam",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+  "Severity": "critical",
+  "ResourceType": "AwsIamUser",
  "Description": "Ensure MFA is enabled for the root account",
-  "Notes": "",
-  "Provider": "aws",
-  "RelatedTo": [],
+  "Risk": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. When virtual MFA is used for root accounts it is recommended that the device used is NOT a personal device but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices. (non-personal virtual MFA) This lessens the risks of losing access to the MFA due to device loss / trade-in or if the individual owning the device is no longer employed at the company.",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {
@@ -33,14 +23,24 @@
      "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa"
    }
  },
-  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "ResourceType": "AwsIamUser",
-  "Risk": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. When virtual MFA is used for root accounts it is recommended that the device used is NOT a personal device but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices. (non-personal virtual MFA) This lessens the risks of losing access to the MFA due to device loss / trade-in or if the individual owning the device is no longer employed at the company.",
-  "ServiceName": "iam",
-  "Severity": "critical",
-  "SubServiceName": "",
+  "Categories": [],
  "Tags": {
    "Tag1Key": "value",
    "Tag2Key": "value"
-  }
+  },
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": "",
+  "Compliance": [
+    {
+      "Control": [
+        "1.13"
+      ],
+      "Framework": "CIS-AWS",
+      "Group": [
+        "level1"
+      ],
+      "Version": "1.4"
+    }
+  ]
 }
--- a/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days.metadata.json
+++ b/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days.metadata.json
@@ -1,25 +1,15 @@
 {
-  "Categories": [],
+  "Provider": "aws",
  "CheckID": "iam_rotate_access_key_90_days",
  "CheckTitle": "Ensure access keys are rotated every 90 days or less",
  "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
-  "Compliance": [
-    {
-      "Control": [
-        "1.4"
-      ],
-      "Framework": "CIS-AWS",
-      "Group": [
-        "level1"
-      ],
-      "Version": "1.4"
-    }
-  ],
-  "DependsOn": [],
+  "ServiceName": "iam",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+  "Severity": "medium",
+  "ResourceType": "AwsIamUser",
  "Description": "Ensure access keys are rotated every 90 days or less",
-  "Notes": "",
-  "Provider": "aws",
-  "RelatedTo": [],
+  "Risk": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {
@@ -33,14 +23,24 @@
      "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html"
    }
  },
-  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "ResourceType": "AwsIamUser",
-  "Risk": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.",
-  "ServiceName": "iam",
-  "Severity": "medium",
-  "SubServiceName": "",
+  "Categories": [],
  "Tags": {
    "Tag1Key": "value",
    "Tag2Key": "value"
-  }
+  },
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": "",
+  "Compliance": [
+    {
+      "Control": [
+        "1.4"
+      ],
+      "Framework": "CIS-AWS",
+      "Group": [
+        "level1"
+      ],
+      "Version": "1.4"
+    }
+  ]
 }
--- a/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled.metadata.json
+++ b/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled.metadata.json
@@ -1,14 +1,15 @@
 {
-  "Categories": [],
+  "Provider": "aws",
  "CheckID": "iam_user_hardware_mfa_enabled",
  "CheckTitle": "Check if IAM users have Hardware MFA enabled.",
  "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
-  "Compliance": [],
-  "DependsOn": [],
+  "ServiceName": "iam",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+  "Severity": "medium",
+  "ResourceType": "AwsIamUser",
  "Description": "Check if IAM users have Hardware MFA enabled.",
-  "Notes": "",
-  "Provider": "aws",
-  "RelatedTo": [],
+  "Risk": "Hardware MFA is preferred over virtual MFA.",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {
@@ -22,14 +23,13 @@
      "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html"
    }
  },
-  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "ResourceType": "AwsIamUser",
-  "Risk": "Hardware MFA is preferred over virtual MFA.",
-  "ServiceName": "iam",
-  "Severity": "medium",
-  "SubServiceName": "",
+  "Categories": [],
  "Tags": {
    "Tag1Key": "value",
    "Tag2Key": "value"
-  }
+  },
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": "",
+  "Compliance": []
 }
--- a/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access.metadata.json
+++ b/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access.metadata.json
@@ -1,14 +1,15 @@
 {
-  "Categories": [],
+  "Provider": "aws",
  "CheckID": "iam_user_mfa_enabled_console_access",
  "CheckTitle": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.",
  "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
-  "Compliance": [],
-  "DependsOn": [],
+  "ServiceName": "iam",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+  "Severity": "high",
+  "ResourceType": "AwsIamUser",
  "Description": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.",
-  "Notes": "",
-  "Provider": "aws",
-  "RelatedTo": [],
+  "Risk": "Unauthorized access to this critical account if password is not secure or it is disclosed in any way.",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {
@@ -22,14 +23,13 @@
      "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html"
    }
  },
-  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "ResourceType": "AwsIamUser",
-  "Risk": "Unauthorized access to this critical account if password is not secure or it is disclosed in any way.",
-  "ServiceName": "iam",
-  "Severity": "high",
-  "SubServiceName": "",
+  "Categories": [],
  "Tags": {
    "Tag1Key": "value",
    "Tag2Key": "value"
-  }
+  },
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": "",
+  "Compliance": []
 }
--- a/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key.metadata.json
+++ b/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key.metadata.json
@@ -1,14 +1,15 @@
 {
-  "Categories": [],
+  "Provider": "aws",
  "CheckID": "iam_user_two_active_access_key",
  "CheckTitle": "Check if IAM users have two active access keys",
  "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
-  "Compliance": [],
-  "DependsOn": [],
+  "ServiceName": "iam",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+  "Severity": "medium",
+  "ResourceType": "AwsIamUser",
  "Description": "Check if IAM users have two active access keys",
-  "Notes": "",
-  "Provider": "aws",
-  "RelatedTo": [],
+  "Risk": "Access Keys could be lost or stolen. It creates a critical risk.",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {
@@ -22,14 +23,13 @@
      "Url": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html"
    }
  },
-  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "ResourceType": "AwsIamUser",
-  "Risk": "Access Keys could be lost or stolen. It creates a critical risk.",
-  "ServiceName": "iam",
-  "Severity": "medium",
-  "SubServiceName": "",
+  "Categories": [],
  "Tags": {
    "Tag1Key": "value",
    "Tag2Key": "value"
-  }
+  },
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": "",
+  "Compliance": []
 }