From 707584b2ef95e48e41298a37615dfce5ad374afe Mon Sep 17 00:00:00 2001 From: Sebastian Nyberg <23510320+senyberg@users.noreply.github.com> Date: Tue, 13 Jun 2023 18:18:10 +0300 Subject: [PATCH] feat(aws): Add MFA flag if try to assume role in AWS (#2478) Co-authored-by: Pepe Fagoaga Co-authored-by: Sergio Garcia --- docs/getting-started/requirements.md | 7 ++ docs/tutorials/aws/authentication.md | 31 ++++++ docs/tutorials/aws/role-assumption.md | 9 +- mkdocs.yml | 1 + prowler/lib/cli/parser.py | 5 + prowler/providers/aws/aws_provider.py | 77 +++++++++++---- .../aws/lib/audit_info/audit_info.py | 2 + .../providers/aws/lib/audit_info/models.py | 2 + prowler/providers/common/audit_info.py | 11 +++ tests/lib/check/check_test.py | 1 + tests/lib/cli/parser_test.py | 6 ++ tests/lib/outputs/outputs_test.py | 6 ++ tests/lib/outputs/slack_test.py | 1 + tests/providers/aws/aws_provider_test.py | 96 ++++++++++++++++++- .../aws/lib/allowlist/allowlist_test.py | 1 + .../accessanalyzer_service_test.py | 1 + .../aws/services/acm/acm_service_test.py | 1 + .../apigateway_authorizers_enabled_test.py | 1 + ...gateway_client_certificate_enabled_test.py | 1 + .../apigateway_endpoint_public_test.py | 1 + .../apigateway_logging_enabled_test.py | 1 + .../apigateway/apigateway_service_test.py | 1 + .../apigateway_waf_acl_attached_test.py | 1 + ...pigatewayv2_access_logging_enabled_test.py | 1 + .../apigatewayv2_authorizers_enabled_test.py | 1 + .../apigatewayv2/apigatewayv2_service_test.py | 1 + .../appstream/appstream_service_test.py | 1 + ...d_secrets_ec2_launch_configuration_test.py | 1 + .../autoscaling_group_multiple_az_test.py | 1 + .../autoscaling/autoscaling_service_test.py | 1 + ...rations_cloudtrail_logging_enabled_test.py | 1 + .../awslambda/awslambda_service_test.py | 1 + .../services/backup/backup_service_test.py | 1 + .../cloudformation_service_test.py | 1 + .../cloudfront/cloudfront_service_test.py | 1 + ...udtrail_bucket_requires_mfa_delete_test.py | 1 + ...udtrail_cloudwatch_logging_enabled_test.py | 1 + .../cloudtrail_insights_exist_test.py | 1 + .../cloudtrail_kms_encryption_enabled_test.py | 1 + ...dtrail_log_file_validation_enabled_test.py | 1 + ...s_s3_bucket_access_logging_enabled_test.py | 1 + ..._bucket_is_not_publicly_accessible_test.py | 1 + .../cloudtrail_multi_region_enabled_test.py | 1 + ...udtrail_s3_dataevents_read_enabled_test.py | 1 + ...dtrail_s3_dataevents_write_enabled_test.py | 1 + .../cloudtrail/cloudtrail_service_test.py | 1 + ...s_to_network_acls_alarm_configured_test.py | 1 + ..._network_gateways_alarm_configured_test.py | 1 + ...work_route_tables_alarm_configured_test.py | 1 + ...h_changes_to_vpcs_alarm_configured_test.py | 1 + ...tch_cross_account_sharing_disabled_test.py | 1 + ...h_log_group_kms_encryption_enabled_test.py | 1 + ...watch_log_group_no_secrets_in_logs_test.py | 1 + ...ntion_policy_specific_days_enabled_test.py | 1 + ...nfig_configuration_changes_enabled_test.py | 1 + ...rail_configuration_changes_enabled_test.py | 1 + ...ric_filter_authentication_failures_test.py | 1 + ...c_filter_aws_organizations_changes_test.py | 1 + ...e_or_scheduled_deletion_of_kms_cmk_test.py | 1 + ...ilter_for_s3_bucket_policy_changes_test.py | 1 + ...h_log_metric_filter_policy_changes_test.py | 1 + ...watch_log_metric_filter_root_usage_test.py | 1 + ...tric_filter_security_group_changes_test.py | 1 + ..._metric_filter_sign_in_without_mfa_test.py | 1 + ...tric_filter_unauthorized_api_calls_test.py | 1 + .../cloudwatch/cloudwatch_service_test.py | 1 + .../codeartifact/codeartifact_service_test.py | 1 + .../codebuild/codebuild_service_test.py | 1 + ...onfig_recorder_all_regions_enabled_test.py | 1 + .../services/config/config_service_test.py | 1 + .../directoryservice_service_test.py | 1 + .../aws/services/drs/drs_service_test.py | 1 + ...lerator_cluster_encryption_enabled_test.py | 1 + .../dynamodb/dynamodb_service_test.py | 1 + ..._tables_kms_cmk_encryption_enabled_test.py | 1 + .../dynamodb_tables_pitr_enabled_test.py | 1 + .../ec2/ec2_ami_public/ec2_ami_public_test.py | 1 + .../ec2_ebs_default_encryption_test.py | 1 + .../ec2_ebs_public_snapshot_test.py | 1 + .../ec2_ebs_snapshots_encrypted_test.py | 1 + .../ec2_ebs_volume_encryption_test.py | 1 + .../ec2_elastic_ip_shodan_test.py | 1 + .../ec2_elastic_ip_unassgined_test.py | 1 + .../ec2_instance_imdsv2_enabled_test.py | 1 + ...ernet_facing_with_instance_profile_test.py | 1 + ..._instance_older_than_specific_days_test.py | 1 + .../ec2_instance_profile_attached_test.py | 1 + .../ec2_instance_public_ip_test.py | 1 + .../ec2_instance_secrets_user_data_test.py | 1 + ..._networkacl_allow_ingress_any_port_test.py | 1 + ...tworkacl_allow_ingress_tcp_port_22_test.py | 1 + ...orkacl_allow_ingress_tcp_port_3389_test.py | 1 + ..._ingress_from_internet_to_any_port_test.py | 1 + ...ternet_to_port_mongodb_27017_27018_test.py | 1 + ...rom_internet_to_tcp_ftp_port_20_21_test.py | 1 + ...gress_from_internet_to_tcp_port_22_test.py | 1 + ...ess_from_internet_to_tcp_port_3389_test.py | 1 + ..._tcp_port_cassandra_7199_9160_8888_test.py | 1 + ...lasticsearch_kibana_9200_9300_5601_test.py | 1 + ...om_internet_to_tcp_port_kafka_9092_test.py | 1 + ...ternet_to_tcp_port_memcached_11211_test.py | 1 + ...om_internet_to_tcp_port_mysql_3306_test.py | 1 + ...ernet_to_tcp_port_oracle_1521_2483_test.py | 1 + ...internet_to_tcp_port_postgres_5432_test.py | 1 + ...om_internet_to_tcp_port_redis_6379_test.py | 1 + ...t_to_tcp_port_sql_server_1433_1434_test.py | 1 + ...rom_internet_to_tcp_port_telnet_23_test.py | 1 + ...ygroup_allow_wide_open_public_ipv4_test.py | 1 + ...ritygroup_default_restrict_traffic_test.py | 1 + ...2_securitygroup_from_launch_wizard_test.py | 1 + .../ec2_securitygroup_not_used_test.py | 1 + ...oup_with_many_ingress_egress_rules_test.py | 1 + .../aws/services/ec2/ec2_service_test.py | 1 + .../aws/services/ecr/ecr_service_test.py | 1 + .../aws/services/ecs/ecs_service_test.py | 1 + .../aws/services/efs/efs_service_test.py | 1 + .../aws/services/eks/eks_service_test.py | 1 + .../elb_insecure_ssl_ciphers_test.py | 1 + .../elb_internet_facing_test.py | 1 + .../elb_logging_enabled_test.py | 1 + .../aws/services/elb/elb_service_test.py | 1 + .../elb_ssl_listeners_test.py | 1 + .../elbv2_deletion_protection_test.py | 1 + .../elbv2_desync_mitigation_mode_test.py | 1 + .../elbv2_insecure_ssl_ciphers_test.py | 1 + .../elbv2_internet_facing_test.py | 1 + .../elbv2_listeners_underneath_test.py | 1 + .../elbv2_logging_enabled_test.py | 1 + .../aws/services/elbv2/elbv2_service_test.py | 1 + .../elbv2_ssl_listeners_test.py | 1 + .../elbv2_waf_acl_attached_test.py | 1 + .../emr_cluster_publicly_accesible_test.py | 1 + .../aws/services/emr/emr_service_test.py | 1 + .../aws/services/fms/fms_service_test.py | 1 + .../services/glacier/glacier_service_test.py | 1 + .../globalaccelerator_service_test.py | 1 + .../aws/services/glue/glue_service_test.py | 1 + .../guardduty/guardduty_service_test.py | 1 + .../iam_administrator_access_with_mfa_test.py | 1 + .../iam_avoid_root_usage_test.py | 1 + ...olicy_no_administrative_privileges_test.py | 1 + .../iam_check_saml_providers_sts_test.py | 1 + ...olicy_no_administrative_privileges_test.py | 1 + ...olicy_no_administrative_privileges_test.py | 1 + .../iam_disable_30_days_credentials_test.py | 1 + .../iam_disable_45_days_credentials_test.py | 1 + .../iam_disable_90_days_credentials_test.py | 1 + ..._policy_permissive_role_assumption_test.py | 1 + ...expired_server_certificates_stored_test.py | 1 + .../iam_no_root_access_key_test.py | 1 + ...s_passwords_within_90_days_or_less_test.py | 1 + .../iam_password_policy_lowercase_test.py | 1 + ..._password_policy_minimum_length_14_test.py | 1 + .../iam_password_policy_number_test.py | 1 + .../iam_password_policy_reuse_24_test.py | 1 + .../iam_password_policy_symbol_test.py | 1 + .../iam_password_policy_uppercase_test.py | 1 + ...policy_allows_privilege_escalation_test.py | 1 + ...cy_attached_only_to_group_or_roles_test.py | 1 + ...olicy_no_full_access_to_cloudtrail_test.py | 1 + .../iam_policy_no_full_access_to_kms_test.py | 1 + ...ross_account_readonlyaccess_policy_test.py | 1 + ...service_confused_deputy_prevention_test.py | 1 + .../iam_root_hardware_mfa_enabled_test.py | 1 + .../iam_root_mfa_enabled_test.py | 1 + .../iam_rotate_access_key_90_days_test.py | 1 + .../iam_securityaudit_role_created_test.py | 1 + .../aws/services/iam/iam_service_test.py | 1 + .../iam_support_role_created_test.py | 1 + .../iam_user_hardware_mfa_enabled_test.py | 1 + ...am_user_mfa_enabled_console_access_test.py | 1 + ...m_user_no_setup_initial_access_key_test.py | 1 + .../iam_user_two_active_access_key_test.py | 1 + .../inspector2/inspector2_service_test.py | 1 + .../kms_cmk_are_used/kms_cmk_are_used_test.py | 1 + .../kms_cmk_rotation_enabled_test.py | 1 + .../kms_key_not_publicly_accessible_test.py | 1 + .../aws/services/kms/kms_service_test.py | 1 + .../aws/services/macie/macie_service_test.py | 1 + .../networkfirewall_in_all_vpc_test.py | 1 + .../networkfirewall_service_test.py | 1 + .../opensearch/opensearch_service_test.py | 1 + ...ions_account_part_of_organizations_test.py | 1 + ...nizations_delegated_administrators_test.py | 1 + ...ganizations_scp_check_deny_regions_test.py | 1 + .../organizations_service_test.py | 1 + ...tags_policies_enabled_and_attached_test.py | 1 + .../rds_instance_backup_enabled_test.py | 1 + .../rds_instance_deletion_protection_test.py | 1 + ...instance_deprecated_engine_version_test.py | 1 + ...stance_enhanced_monitoring_enabled_test.py | 1 + ...stance_integration_cloudwatch_logs_test.py | 1 + ...ance_minor_version_upgrade_enabled_test.py | 1 + .../rds_instance_multi_az_test.py | 1 + .../rds_instance_no_public_access_test.py | 1 + .../rds_instance_storage_encrypted_test.py | 1 + .../rds_instance_transport_encrypted_test.py | 1 + .../aws/services/rds/rds_service_test.py | 1 + .../rds_snapshots_public_access_test.py | 1 + .../redshift/redshift_service_test.py | 1 + .../resourceexplorer2_indexes_found_test.py | 1 + .../resourceexplorer2_service_test.py | 1 + ...e53_dangling_ip_subdomain_takeover_test.py | 1 + .../services/route53/route53_service_test.py | 1 + .../route53/route53domains_service_test.py | 1 + ...account_level_public_access_blocks_test.py | 1 + .../s3_bucket_acl_prohibited_test.py | 1 + .../s3_bucket_default_encryption_test.py | 1 + ...3_bucket_level_public_access_block_test.py | 1 + .../s3_bucket_no_mfa_delete_test.py | 1 + .../s3_bucket_object_lock_test.py | 1 + .../s3_bucket_object_versioning_test.py | 1 + ..._bucket_policy_public_write_access_test.py | 1 + .../s3_bucket_public_access_test.py | 1 + .../s3_bucket_secure_transport_policy_test.py | 1 + ...cket_server_access_logging_enabled_test.py | 1 + .../aws/services/s3/s3_service_test.py | 1 + .../sagemaker/sagemaker_service_test.py | 1 + .../secretsmanager_service_test.py | 1 + .../securityhub/securityhub_service_test.py | 1 + ...otection_in_associated_elastic_ips_test.py | 1 + ...otection_in_classic_load_balancers_test.py | 1 + ..._in_internet_facing_load_balancers_test.py | 1 + .../services/shield/shield_service_test.py | 1 + .../aws/services/sns/sns_service_test.py | 1 + .../aws/services/sqs/sqs_service_test.py | 1 + .../aws/services/ssm/ssm_service_test.py | 1 + .../ssmincidents/ssmincidents_service_test.py | 1 + .../trustedadvisor_service_test.py | 1 + .../vpc_different_regions_test.py | 1 + ...point_connections_trust_boundaries_test.py | 1 + ...llowed_principals_trust_boundaries_test.py | 1 + .../vpc_flow_logs_enabled_test.py | 1 + ...outing_tables_with_least_privilege_test.py | 1 + .../aws/services/vpc/vpc_service_test.py | 1 + .../vpc_subnet_different_az_test.py | 1 + ...vpc_subnet_no_public_ip_by_default_test.py | 1 + ...vpc_subnet_separate_private_public_test.py | 1 + .../aws/services/waf/waf_service_test.py | 1 + .../aws/services/wafv2/wafv2_service_test.py | 1 + .../wellarchitected_service_test.py | 1 + .../workspaces/workspaces_service_test.py | 1 + ...s_vpc_2private_1public_subnets_nat_test.py | 1 + tests/providers/common/audit_info_test.py | 10 +- tests/providers/common/common_outputs_test.py | 1 + 245 files changed, 470 insertions(+), 25 deletions(-) create mode 100644 docs/tutorials/aws/authentication.md diff --git a/docs/getting-started/requirements.md b/docs/getting-started/requirements.md index 9cafe84f..c327040b 100644 --- a/docs/getting-started/requirements.md +++ b/docs/getting-started/requirements.md @@ -30,6 +30,13 @@ Those credentials must be associated to a user or role with proper permissions t > If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json). +### Multi-Factor Authentication + +If your IAM entity enforces MFA you can use `--mfa` and Prowler will ask you to input the following values to get a new session: + +- ARN of your MFA device +- TOTP (Time-Based One-Time Password) + ## Azure Prowler for azure supports the following authentication types: diff --git a/docs/tutorials/aws/authentication.md b/docs/tutorials/aws/authentication.md new file mode 100644 index 00000000..971d1aa4 --- /dev/null +++ b/docs/tutorials/aws/authentication.md @@ -0,0 +1,31 @@ +# AWS Authentication + +Make sure you have properly configured your AWS-CLI with a valid Access Key and Region or declare AWS variables properly (or instance profile/role): + +```console +aws configure +``` + +or + +```console +export AWS_ACCESS_KEY_ID="ASXXXXXXX" +export AWS_SECRET_ACCESS_KEY="XXXXXXXXX" +export AWS_SESSION_TOKEN="XXXXXXXXX" +``` + +Those credentials must be associated to a user or role with proper permissions to do all checks. To make sure, add the following AWS managed policies to the user or role being used: + + - arn:aws:iam::aws:policy/SecurityAudit + - arn:aws:iam::aws:policy/job-function/ViewOnlyAccess + + > Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-additions-policy.json) to the role you are using. + + > If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json). + +## Multi-Factor Authentication + +If your IAM entity enforces MFA you can use `--mfa` and Prowler will ask you to input the following values to get a new session: + +- ARN of your MFA device +- TOTP (Time-Based One-Time Password) diff --git a/docs/tutorials/aws/role-assumption.md b/docs/tutorials/aws/role-assumption.md index 7348855e..ae302bb5 100644 --- a/docs/tutorials/aws/role-assumption.md +++ b/docs/tutorials/aws/role-assumption.md @@ -5,7 +5,7 @@ Prowler uses the AWS SDK (Boto3) underneath so it uses the same authentication m However, there are few ways to run Prowler against multiple accounts using IAM Assume Role feature depending on each use case: 1. You can just set up your custom profile inside `~/.aws/config` with all needed information about the role to assume then call it with `prowler aws -p/--profile your-custom-profile`. - - An example profile that performs role-chaining is given below. The `credential_source` can either be set to `Environment`, `Ec2InstanceMetadata`, or `EcsContainer`. + - An example profile that performs role-chaining is given below. The `credential_source` can either be set to `Environment`, `Ec2InstanceMetadata`, or `EcsContainer`. - Alternatively, you could use the `source_profile` instead of `credential_source` to specify a separate named profile that contains IAM user credentials with permission to assume the target the role. More information can be found [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html). ``` [profile crossaccountrole] @@ -23,6 +23,13 @@ prowler aws -R arn:aws:iam:::role/ prowler aws -T/--session-duration -I/--external-id -R arn:aws:iam:::role/ ``` +## Role MFA + +If your IAM Role has MFA configured you can use `--mfa` along with `-R`/`--role ` and Prowler will ask you to input the following values to get a new temporary session for the IAM Role provided: +- ARN of your MFA device +- TOTP (Time-Based One-Time Password) + + ## Create Role To create a role to be assumed in one or multiple accounts you can use either as CloudFormation Stack or StackSet the following [template](https://github.com/prowler-cloud/prowler/blob/master/permissions/create_role_to_assume_cfn.yaml) and adapt it. diff --git a/mkdocs.yml b/mkdocs.yml index 289e24c2..765e8560 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -40,6 +40,7 @@ nav: - Pentesting: tutorials/pentesting.md - Developer Guide: tutorials/developer-guide.md - AWS: + - Authentication: tutorials/aws/authentication.md - Assume Role: tutorials/aws/role-assumption.md - AWS Security Hub: tutorials/aws/securityhub.md - AWS Organizations: tutorials/aws/organizations.md diff --git a/prowler/lib/cli/parser.py b/prowler/lib/cli/parser.py index 9d7a8225..e521f4a7 100644 --- a/prowler/lib/cli/parser.py +++ b/prowler/lib/cli/parser.py @@ -289,6 +289,11 @@ Detailed documentation at https://docs.prowler.cloud help="ARN of the role to be assumed", # Pending ARN validation ) + aws_auth_subparser.add_argument( + "--mfa", + action="store_true", + help="IAM entity enforces MFA so you need to input the MFA ARN and the TOTP", + ) aws_auth_subparser.add_argument( "-T", "--session-duration", diff --git a/prowler/providers/aws/aws_provider.py b/prowler/providers/aws/aws_provider.py index 94a4bb7b..99b0525d 100644 --- a/prowler/providers/aws/aws_provider.py +++ b/prowler/providers/aws/aws_provider.py @@ -2,7 +2,7 @@ import os import pathlib import sys -from boto3 import session +from boto3 import client, session from botocore.credentials import RefreshableCredentials from botocore.session import get_session @@ -25,8 +25,8 @@ class AWS_Provider: def set_session(self, audit_info): try: + # If we receive a credentials object filled is coming form an assumed role, so renewal is needed if audit_info.credentials: - # If we receive a credentials object filled is coming form an assumed role, so renewal is needed logger.info("Creating session for assumed role ...") # From botocore we can use RefreshableCredentials class, which has an attribute (refresh_using) # that needs to be a method without arguments that retrieves a new set of fresh credentials @@ -52,9 +52,37 @@ class AWS_Provider: # If we do not receive credentials start the session using the profile else: logger.info("Creating session for not assumed identity ...") - return session.Session(profile_name=audit_info.profile) + # Input MFA only if a role is not going to be assumed + if audit_info.mfa_enabled and not audit_info.assumed_role_info.role_arn: + mfa_ARN, mfa_TOTP = input_role_mfa_token_and_code() + get_session_token_arguments = { + "SerialNumber": mfa_ARN, + "TokenCode": mfa_TOTP, + } + sts_client = client("sts") + session_credentials = sts_client.get_session_token( + **get_session_token_arguments + ) + return session.Session( + aws_access_key_id=session_credentials["Credentials"][ + "AccessKeyId" + ], + aws_secret_access_key=session_credentials["Credentials"][ + "SecretAccessKey" + ], + aws_session_token=session_credentials["Credentials"][ + "SessionToken" + ], + profile_name=audit_info.profile, + ) + else: + return session.Session( + profile_name=audit_info.profile, + ) except Exception as error: - logger.critical(f"{error.__class__.__name__} -- {error}") + logger.critical( + f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}" + ) sys.exit(1) # Refresh credentials method using assume role @@ -79,31 +107,40 @@ class AWS_Provider: def assume_role(session: session.Session, assumed_role_info: AWS_Assume_Role) -> dict: try: + assume_role_arguments = { + "RoleArn": assumed_role_info.role_arn, + "RoleSessionName": "ProwlerAsessmentSession", + "DurationSeconds": assumed_role_info.session_duration, + } + + if assumed_role_info.external_id: + assume_role_arguments["ExternalId"] = assumed_role_info.external_id + + if assumed_role_info.mfa_enabled: + mfa_ARN, mfa_TOTP = input_role_mfa_token_and_code() + assume_role_arguments["SerialNumber"] = mfa_ARN + assume_role_arguments["TokenCode"] = mfa_TOTP + # set the info to assume the role from the partition, account and role name sts_client = session.client("sts") - # If external id, set it to the assume role api call - if assumed_role_info.external_id: - assumed_credentials = sts_client.assume_role( - RoleArn=assumed_role_info.role_arn, - RoleSessionName="ProwlerAsessmentSession", - DurationSeconds=assumed_role_info.session_duration, - ExternalId=assumed_role_info.external_id, - ) - # else assume the role without the external id - else: - assumed_credentials = sts_client.assume_role( - RoleArn=assumed_role_info.role_arn, - RoleSessionName="ProwlerProAsessmentSession", - DurationSeconds=assumed_role_info.session_duration, - ) + assumed_credentials = sts_client.assume_role(**assume_role_arguments) except Exception as error: - logger.critical(f"{error.__class__.__name__} -- {error}") + logger.critical( + f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}" + ) sys.exit(1) else: return assumed_credentials +def input_role_mfa_token_and_code() -> tuple[str]: + """input_role_mfa_token_and_code ask for the AWS MFA ARN and TOTP and returns it.""" + mfa_ARN = input("Enter ARN of MFA: ") + mfa_TOTP = input("Enter MFA code: ") + return (mfa_ARN.strip(), mfa_TOTP.strip()) + + def generate_regional_clients( service: str, audit_info: AWS_Audit_Info, global_service: bool = False ) -> dict: diff --git a/prowler/providers/aws/lib/audit_info/audit_info.py b/prowler/providers/aws/lib/audit_info/audit_info.py index 665aa43b..bcb59933 100644 --- a/prowler/providers/aws/lib/audit_info/audit_info.py +++ b/prowler/providers/aws/lib/audit_info/audit_info.py @@ -29,7 +29,9 @@ current_audit_info = AWS_Audit_Info( role_arn=None, session_duration=None, external_id=None, + mfa_enabled=None, ), + mfa_enabled=None, audit_resources=None, audited_regions=None, organizations_metadata=None, diff --git a/prowler/providers/aws/lib/audit_info/models.py b/prowler/providers/aws/lib/audit_info/models.py index 1b68fecb..b04deddb 100644 --- a/prowler/providers/aws/lib/audit_info/models.py +++ b/prowler/providers/aws/lib/audit_info/models.py @@ -19,6 +19,7 @@ class AWS_Assume_Role: role_arn: str session_duration: int external_id: str + mfa_enabled: bool @dataclass @@ -44,6 +45,7 @@ class AWS_Audit_Info: profile: str profile_region: str credentials: AWS_Credentials + mfa_enabled: bool assumed_role_info: AWS_Assume_Role audited_regions: list audit_resources: list diff --git a/prowler/providers/common/audit_info.py b/prowler/providers/common/audit_info.py index 949fcf8c..6f275240 100644 --- a/prowler/providers/common/audit_info.py +++ b/prowler/providers/common/audit_info.py @@ -77,8 +77,10 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE # Assume Role Options input_role = arguments.get("role") + current_audit_info.assumed_role_info.role_arn = input_role input_session_duration = arguments.get("session_duration") input_external_id = arguments.get("external_id") + # Since the range(i,j) goes from i to j-1 we have to j+1 if input_session_duration and input_session_duration not in range(900, 43201): raise Exception("Value for -T option must be between 900 and 43200") @@ -89,6 +91,10 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE if not input_role: raise Exception("To use -I/-T options -R option is needed") + # MFA Configuration (false by default) + input_mfa = arguments.get("mfa") + current_audit_info.mfa_enabled = input_mfa + input_profile = arguments.get("profile") input_regions = arguments.get("region") organizations_role_arn = arguments.get("organizations_role") @@ -143,6 +149,8 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE current_audit_info.assumed_role_info.session_duration = ( input_session_duration ) + current_audit_info.assumed_role_info.external_id = input_external_id + current_audit_info.assumed_role_info.mfa_enabled = input_mfa # Check if role arn is valid try: @@ -174,6 +182,7 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE input_session_duration ) current_audit_info.assumed_role_info.external_id = input_external_id + current_audit_info.assumed_role_info.mfa_enabled = input_mfa # Check if role arn is valid try: @@ -210,6 +219,7 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE ) # new session is needed assumed_session = aws_provider.set_session(current_audit_info) + if assumed_session: logger.info("Audit session is the new session created assuming role") current_audit_info.audit_session = assumed_session @@ -219,6 +229,7 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE else: logger.info("Audit session is the original one") current_audit_info.audit_session = current_audit_info.original_session + # Setting default region of session if current_audit_info.audit_session.region_name: current_audit_info.profile_region = ( diff --git a/tests/lib/check/check_test.py b/tests/lib/check/check_test.py index 26746ea5..3385f749 100644 --- a/tests/lib/check/check_test.py +++ b/tests/lib/check/check_test.py @@ -157,6 +157,7 @@ class Test_Check: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/lib/cli/parser_test.py b/tests/lib/cli/parser_test.py index e63f8e96..b3f45659 100644 --- a/tests/lib/cli/parser_test.py +++ b/tests/lib/cli/parser_test.py @@ -677,6 +677,12 @@ class Test_Parser: parsed = self.parser.parse(command) assert parsed.role == role + def test_aws_parser_mfa(self): + argument = "--mfa" + command = [prowler_command, argument] + parsed = self.parser.parse(command) + assert parsed.mfa + def test_aws_parser_session_duration_short(self): argument = "-T" duration = "900" diff --git a/tests/lib/outputs/outputs_test.py b/tests/lib/outputs/outputs_test.py index 69585910..ce5d3c82 100644 --- a/tests/lib/outputs/outputs_test.py +++ b/tests/lib/outputs/outputs_test.py @@ -94,6 +94,7 @@ class Test_Outputs: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) test_output_modes = [ ["csv"], @@ -413,6 +414,7 @@ class Test_Outputs: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) finding = Check_Report( load_check_metadata( @@ -489,6 +491,7 @@ class Test_Outputs: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) # Creat mock bucket bucket_name = "test_bucket" @@ -539,6 +542,7 @@ class Test_Outputs: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) # Creat mock bucket bucket_name = "test_bucket" @@ -596,6 +600,7 @@ class Test_Outputs: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) # Creat mock bucket bucket_name = "test_bucket" @@ -704,6 +709,7 @@ class Test_Outputs: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) finding = Check_Report( load_check_metadata( diff --git a/tests/lib/outputs/slack_test.py b/tests/lib/outputs/slack_test.py index befcafdf..e1763906 100644 --- a/tests/lib/outputs/slack_test.py +++ b/tests/lib/outputs/slack_test.py @@ -43,6 +43,7 @@ class Test_Slack_Integration: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) gcp_audit_info = GCP_Audit_Info( credentials=None, diff --git a/tests/providers/aws/aws_provider_test.py b/tests/providers/aws/aws_provider_test.py index 68318557..985f8007 100644 --- a/tests/providers/aws/aws_provider_test.py +++ b/tests/providers/aws/aws_provider_test.py @@ -1,5 +1,6 @@ import boto3 import sure # noqa +from mock import patch from moto import mock_iam, mock_sts from prowler.providers.aws.aws_provider import ( @@ -15,13 +16,13 @@ ACCOUNT_ID = 123456789012 class Test_AWS_Provider: @mock_iam @mock_sts - def test_assume_role(self): + def test_assume_role_without_mfa(self): # Variables role_name = "test-role" role_arn = f"arn:aws:iam::{ACCOUNT_ID}:role/{role_name}" session_duration_seconds = 900 audited_regions = "eu-west-1" - sessionName = "ProwlerProAsessmentSession" + sessionName = "ProwlerAsessmentSession" # Boto 3 client to create our user iam_client = boto3.client("iam", region_name="us-east-1") # IAM user @@ -55,10 +56,12 @@ class Test_AWS_Provider: role_arn=role_arn, session_duration=session_duration_seconds, external_id=None, + mfa_enabled=False, ), audited_regions=audited_regions, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) # Call assume_role @@ -92,6 +95,92 @@ class Test_AWS_Provider: 21 + 1 + len(sessionName) ) + @mock_iam + @mock_sts + def test_assume_role_with_mfa(self): + # Variables + role_name = "test-role" + role_arn = f"arn:aws:iam::{ACCOUNT_ID}:role/{role_name}" + session_duration_seconds = 900 + audited_regions = "eu-west-1" + sessionName = "ProwlerAsessmentSession" + # Boto 3 client to create our user + iam_client = boto3.client("iam", region_name="us-east-1") + # IAM user + iam_user = iam_client.create_user(UserName="test-user")["User"] + access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ + "AccessKey" + ] + access_key_id = access_key["AccessKeyId"] + secret_access_key = access_key["SecretAccessKey"] + # New Boto3 session with the previously create user + session = boto3.session.Session( + aws_access_key_id=access_key_id, + aws_secret_access_key=secret_access_key, + region_name="us-east-1", + ) + + # Fulfil the input session object for Prowler + audit_info = AWS_Audit_Info( + session_config=None, + original_session=session, + audit_session=None, + audited_account=None, + audited_account_arn=None, + audited_partition=None, + audited_identity_arn=None, + audited_user_id=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=AWS_Assume_Role( + role_arn=role_arn, + session_duration=session_duration_seconds, + external_id=None, + mfa_enabled=True, + ), + audited_regions=audited_regions, + organizations_metadata=None, + audit_resources=None, + mfa_enabled=False, + ) + + # Call assume_role + aws_provider = AWS_Provider(audit_info) + # Patch MFA + with patch( + "prowler.providers.aws.aws_provider.input_role_mfa_token_and_code", + return_value=(f"arn:aws:iam::{ACCOUNT_ID}:mfa/test-role-mfa", "111111"), + ): + assume_role_response = assume_role( + aws_provider.aws_session, aws_provider.role_info + ) + # Recover credentials for the assume role operation + credentials = assume_role_response["Credentials"] + # Test the response + # SessionToken + credentials["SessionToken"].should.have.length_of(356) + credentials["SessionToken"].startswith("FQoGZXIvYXdzE") + # AccessKeyId + credentials["AccessKeyId"].should.have.length_of(20) + credentials["AccessKeyId"].startswith("ASIA") + # SecretAccessKey + credentials["SecretAccessKey"].should.have.length_of(40) + # Assumed Role + assume_role_response["AssumedRoleUser"]["Arn"].should.equal( + f"arn:aws:sts::{ACCOUNT_ID}:assumed-role/{role_name}/{sessionName}" + ) + # AssumedRoleUser + assert assume_role_response["AssumedRoleUser"]["AssumedRoleId"].startswith( + "AROA" + ) + assert assume_role_response["AssumedRoleUser"]["AssumedRoleId"].endswith( + ":" + sessionName + ) + assume_role_response["AssumedRoleUser"][ + "AssumedRoleId" + ].should.have.length_of(21 + 1 + len(sessionName)) + def test_generate_regional_clients(self): # New Boto3 session with the previously create user session = boto3.session.Session( @@ -115,6 +204,7 @@ class Test_AWS_Provider: audited_regions=audited_regions, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) generate_regional_clients_response = generate_regional_clients( "ec2", audit_info @@ -146,6 +236,7 @@ class Test_AWS_Provider: audited_regions=audited_regions, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) generate_regional_clients_response = generate_regional_clients( "route53", audit_info, global_service=True @@ -176,6 +267,7 @@ class Test_AWS_Provider: audited_regions=audited_regions, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) generate_regional_clients_response = generate_regional_clients( "shield", audit_info, global_service=True diff --git a/tests/providers/aws/lib/allowlist/allowlist_test.py b/tests/providers/aws/lib/allowlist/allowlist_test.py index 00e440fd..8355d9b1 100644 --- a/tests/providers/aws/lib/allowlist/allowlist_test.py +++ b/tests/providers/aws/lib/allowlist/allowlist_test.py @@ -37,6 +37,7 @@ class Test_Allowlist: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py b/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py index 42825b26..74cd2f63 100644 --- a/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py +++ b/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py @@ -90,6 +90,7 @@ class Test_AccessAnalyzer_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/acm/acm_service_test.py b/tests/providers/aws/services/acm/acm_service_test.py index c7efdebf..77df7819 100644 --- a/tests/providers/aws/services/acm/acm_service_test.py +++ b/tests/providers/aws/services/acm/acm_service_test.py @@ -116,6 +116,7 @@ class Test_ACM_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py index ac9f0621..fcdd8570 100644 --- a/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py @@ -31,6 +31,7 @@ class Test_apigateway_authorizers_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py index 49ae52e2..b3159a37 100644 --- a/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py @@ -31,6 +31,7 @@ class Test_apigateway_client_certificate_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py b/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py index 82536ffc..db87d53d 100644 --- a/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py @@ -30,6 +30,7 @@ class Test_apigateway_endpoint_public: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py index a7d919fb..bcf99a6c 100644 --- a/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py @@ -30,6 +30,7 @@ class Test_apigateway_logging_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigateway/apigateway_service_test.py b/tests/providers/aws/services/apigateway/apigateway_service_test.py index 442aa9dd..3f1440b9 100644 --- a/tests/providers/aws/services/apigateway/apigateway_service_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_service_test.py @@ -30,6 +30,7 @@ class Test_APIGateway_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py b/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py index 2dc69893..22863a4e 100644 --- a/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py @@ -30,6 +30,7 @@ class Test_apigateway_waf_acl_attached: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py index 7dd46d2f..de9c5d01 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py @@ -59,6 +59,7 @@ class Test_apigatewayv2_access_logging_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py index 113f3930..ccd6a210 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py @@ -59,6 +59,7 @@ class Test_apigatewayv2_authorizers_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py index 072d8173..3d62c736 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py @@ -61,6 +61,7 @@ class Test_ApiGatewayV2_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/appstream/appstream_service_test.py b/tests/providers/aws/services/appstream/appstream_service_test.py index 3a3c1397..d7945c23 100644 --- a/tests/providers/aws/services/appstream/appstream_service_test.py +++ b/tests/providers/aws/services/appstream/appstream_service_test.py @@ -83,6 +83,7 @@ class Test_AppStream_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py b/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py index 5c3a939b..a8d09906 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py +++ b/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py @@ -30,6 +30,7 @@ class Test_autoscaling_find_secrets_ec2_launch_configuration: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py b/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py index a08e901e..067515c4 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py +++ b/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py @@ -30,6 +30,7 @@ class Test_autoscaling_group_multiple_az: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/autoscaling/autoscaling_service_test.py b/tests/providers/aws/services/autoscaling/autoscaling_service_test.py index b585e1cb..b175d294 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_service_test.py +++ b/tests/providers/aws/services/autoscaling/autoscaling_service_test.py @@ -32,6 +32,7 @@ class Test_AutoScaling_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py b/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py index a16f10d1..c48ec671 100644 --- a/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py +++ b/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py @@ -45,6 +45,7 @@ class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/awslambda/awslambda_service_test.py b/tests/providers/aws/services/awslambda/awslambda_service_test.py index b8cbc7b1..78471528 100644 --- a/tests/providers/aws/services/awslambda/awslambda_service_test.py +++ b/tests/providers/aws/services/awslambda/awslambda_service_test.py @@ -87,6 +87,7 @@ class Test_Lambda_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, audit_metadata=Audit_Metadata( services_scanned=0, # We need to set this check to call __list_functions__ diff --git a/tests/providers/aws/services/backup/backup_service_test.py b/tests/providers/aws/services/backup/backup_service_test.py index 9b9d8dc5..e4b5449d 100644 --- a/tests/providers/aws/services/backup/backup_service_test.py +++ b/tests/providers/aws/services/backup/backup_service_test.py @@ -93,6 +93,7 @@ class Test_Backup_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudformation/cloudformation_service_test.py b/tests/providers/aws/services/cloudformation/cloudformation_service_test.py index 04279d33..5ecf0102 100644 --- a/tests/providers/aws/services/cloudformation/cloudformation_service_test.py +++ b/tests/providers/aws/services/cloudformation/cloudformation_service_test.py @@ -154,6 +154,7 @@ class Test_CloudFormation_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudfront/cloudfront_service_test.py b/tests/providers/aws/services/cloudfront/cloudfront_service_test.py index 53828408..b4c6b621 100644 --- a/tests/providers/aws/services/cloudfront/cloudfront_service_test.py +++ b/tests/providers/aws/services/cloudfront/cloudfront_service_test.py @@ -175,6 +175,7 @@ class Test_CloudFront_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py index 72ee7922..4ba123ec 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py @@ -36,6 +36,7 @@ class Test_cloudtrail_bucket_requires_mfa_delete: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py index f1f2bfbf..4c734bea 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py @@ -31,6 +31,7 @@ class Test_cloudtrail_cloudwatch_logging_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py index 2d528934..abcd7e34 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_insights_exist: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py index 50fc6f57..0c125ac7 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_kms_encryption_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py index 221188a5..5315f014 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_log_file_validation_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py index 15784218..6ba9fe71 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_logs_s3_bucket_access_logging_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py index 75a3c66c..58acee27 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_logs_s3_bucket_is_not_publicly_accessible: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py index 088a798a..b8db5722 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py @@ -31,6 +31,7 @@ class Test_cloudtrail_multi_region_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py index 2ce72f24..d505453b 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_s3_dataevents_read_enabled: audited_regions=["us-east-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py index 4d1c31d1..2275e09a 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_s3_dataevents_write_enabled: audited_regions=["us-east-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py index c3adb01c..eca7ce61 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py @@ -29,6 +29,7 @@ class Test_Cloudtrail_Service: audited_regions=["eu-west-1", "us-east-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py index e688633a..0d441373 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py index b7abe6e2..d8374c02 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py index 1c00c5f6..932f8520 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py index e99aad8b..ba61bfd9 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py index 669b92b4..f78528d4 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py @@ -30,6 +30,7 @@ class Test_cloudwatch_cross_account_sharing_disabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py index 60991461..4bf45aee 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudwatch_log_group_kms_encryption_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py index 88f218a1..6ee58934 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py @@ -32,6 +32,7 @@ class Test_cloudwatch_log_group_no_secrets_in_logs: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py index 833c8ee7..77ecae14 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py index e5660c87..204bcaa4 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_c audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py index cd8f44ba..5d823684 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_c audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py index 0fc548c1..2e141cb3 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_authentication_failures: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py index 2458d56e..16f99d22 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py index 9bd2a894..5465dbea 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py index 36a616b7..57401bf1 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_for_s3_bucket_policy_changes: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py index 28bc448e..f65e663e 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py index 65cd8820..2c32ff61 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_root_usage: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py index 764e5271..53751b98 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py index 844dfd1b..ec2b8217 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_sign_in_without_mfa: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py index b5d0fae3..4f7cb652 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py index 33690eab..43e8999c 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py @@ -34,6 +34,7 @@ class Test_CloudWatch_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, audit_metadata=Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ diff --git a/tests/providers/aws/services/codeartifact/codeartifact_service_test.py b/tests/providers/aws/services/codeartifact/codeartifact_service_test.py index 434fc254..6ad3f3ea 100644 --- a/tests/providers/aws/services/codeartifact/codeartifact_service_test.py +++ b/tests/providers/aws/services/codeartifact/codeartifact_service_test.py @@ -123,6 +123,7 @@ class Test_CodeArtifact_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/codebuild/codebuild_service_test.py b/tests/providers/aws/services/codebuild/codebuild_service_test.py index bc71422b..1afad5ae 100644 --- a/tests/providers/aws/services/codebuild/codebuild_service_test.py +++ b/tests/providers/aws/services/codebuild/codebuild_service_test.py @@ -72,6 +72,7 @@ class Test_Codebuild_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py b/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py index 44f68436..eacc3dd3 100644 --- a/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py +++ b/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py @@ -30,6 +30,7 @@ class Test_config_recorder_all_regions_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/config/config_service_test.py b/tests/providers/aws/services/config/config_service_test.py index 4beeab16..612cd084 100644 --- a/tests/providers/aws/services/config/config_service_test.py +++ b/tests/providers/aws/services/config/config_service_test.py @@ -30,6 +30,7 @@ class Test_Config_Service: audited_regions=["eu-west-1", "us-east-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/directoryservice/directoryservice_service_test.py b/tests/providers/aws/services/directoryservice/directoryservice_service_test.py index 7f26ec87..fbaec5fe 100644 --- a/tests/providers/aws/services/directoryservice/directoryservice_service_test.py +++ b/tests/providers/aws/services/directoryservice/directoryservice_service_test.py @@ -138,6 +138,7 @@ class Test_DirectoryService_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/drs/drs_service_test.py b/tests/providers/aws/services/drs/drs_service_test.py index ea1f10f5..5cd573ed 100644 --- a/tests/providers/aws/services/drs/drs_service_test.py +++ b/tests/providers/aws/services/drs/drs_service_test.py @@ -76,6 +76,7 @@ class Test_DRS_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py b/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py index acda5062..476059d6 100644 --- a/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py +++ b/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py @@ -31,6 +31,7 @@ class Test_dynamodb_accelerator_cluster_encryption_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/dynamodb/dynamodb_service_test.py b/tests/providers/aws/services/dynamodb/dynamodb_service_test.py index 8cd6d3cc..6ceb6e6e 100644 --- a/tests/providers/aws/services/dynamodb/dynamodb_service_test.py +++ b/tests/providers/aws/services/dynamodb/dynamodb_service_test.py @@ -30,6 +30,7 @@ class Test_DynamoDB_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py b/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py index fe4ae0f8..3700454d 100644 --- a/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py +++ b/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py @@ -31,6 +31,7 @@ class Test_dynamodb_tables_kms_cmk_encryption_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py b/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py index 8527af7a..220b0e69 100644 --- a/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py +++ b/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py @@ -31,6 +31,7 @@ class Test_dynamodb_tables_pitr_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py b/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py index a6d52f0f..d780f7b1 100644 --- a/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py +++ b/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py @@ -31,6 +31,7 @@ class Test_ec2_ami_public: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py b/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py index fdca3fa7..95b95978 100644 --- a/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py +++ b/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py @@ -32,6 +32,7 @@ class Test_ec2_ebs_default_encryption: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py b/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py index f389aad0..e49c78ee 100644 --- a/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py +++ b/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py @@ -41,6 +41,7 @@ class Test_ec2_ebs_public_snapshot: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py b/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py index 84cb6956..08232137 100644 --- a/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py +++ b/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py @@ -41,6 +41,7 @@ class Test_ec2_ebs_snapshots_encrypted: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py b/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py index 7b13c275..812d7209 100644 --- a/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py +++ b/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py @@ -30,6 +30,7 @@ class Test_ec2_ebs_volume_encryption: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py b/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py index 7d6a68fc..7f44cd58 100644 --- a/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py +++ b/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py @@ -32,6 +32,7 @@ class Test_ec2_elastic_ip_shodan: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py b/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py index 6ec60681..0ba6095f 100644 --- a/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py +++ b/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py @@ -32,6 +32,7 @@ class Test_ec2_elastic_ip_unassgined: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py b/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py index 91fa3cc9..ad791fb7 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py @@ -32,6 +32,7 @@ class Test_ec2_instance_imdsv2_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py b/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py index e91a268f..b21aedd5 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py @@ -32,6 +32,7 @@ class Test_ec2_instance_internet_facing_with_instance_profile: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py b/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py index 2d934ebb..154bcd1e 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py @@ -34,6 +34,7 @@ class Test_ec2_instance_older_than_specific_days: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py b/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py index 62323ef6..c2fb81fa 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py @@ -32,6 +32,7 @@ class Test_ec2_instance_profile_attached: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py b/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py index c4959f80..54498a5b 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py @@ -32,6 +32,7 @@ class Test_ec2_instance_public_ip: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py index 2ea7b5a0..a1290f13 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py @@ -31,6 +31,7 @@ class Test_ec2_instance_secrets_user_data: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py index 9627f7c2..115a2874 100644 --- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py +++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py @@ -30,6 +30,7 @@ class ec2_networkacl_allow_ingress_any_port: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py index 6ba3e2b2..3cb2240d 100644 --- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py +++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py @@ -30,6 +30,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_22: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py index 86018ac1..e97b429e 100644 --- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py +++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py @@ -30,6 +30,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_3389: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py index b21fb1ac..2a2b660c 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_any_port: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py index ec4bf65b..8651457d 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_2 audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py index 6e28f9ad..e995c633 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py index 0db687d1..cd0c1e86 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py index f2ae3484..c9dafa84 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py index e58e6fcd..3453805c 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7 audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py index d848d254..fa3ec82f 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsear audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py index c5b97841..9dfbaaf2 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py index 054d8596..70d0243f 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_1 audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py index 506a8df2..687446e6 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py index df0220d9..36adfc08 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521 audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py index ae70209d..55760f63 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_54 audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py index ac2fcab7..0b60b853 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py index a52cfe77..6f0c231b 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py @@ -31,6 +31,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_ audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py index ed02120f..47f3beeb 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py index ee22238a..cbc1ee7d 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_wide_open_public_ipv4: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py index c9244c4c..105d062a 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py @@ -30,6 +30,7 @@ class Test_ec2_securitygroup_default_restrict_traffic: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py index ffb119be..6331fcfb 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py @@ -32,6 +32,7 @@ class Test_ec2_securitygroup_from_launch_wizard: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py index 18ed73e7..d5b430fb 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py @@ -32,6 +32,7 @@ class Test_ec2_securitygroup_not_used: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py index 2f89973a..29178d79 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_with_many_ingress_egress_rules: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_service_test.py b/tests/providers/aws/services/ec2/ec2_service_test.py index 7d361643..8041ffe7 100644 --- a/tests/providers/aws/services/ec2/ec2_service_test.py +++ b/tests/providers/aws/services/ec2/ec2_service_test.py @@ -39,6 +39,7 @@ class Test_EC2_Service: audited_regions=["eu-west-1", "us-east-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ecr/ecr_service_test.py b/tests/providers/aws/services/ecr/ecr_service_test.py index 3edac352..b27b8750 100644 --- a/tests/providers/aws/services/ecr/ecr_service_test.py +++ b/tests/providers/aws/services/ecr/ecr_service_test.py @@ -115,6 +115,7 @@ class Test_ECR_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ecs/ecs_service_test.py b/tests/providers/aws/services/ecs/ecs_service_test.py index 9ce3e877..2feb2358 100644 --- a/tests/providers/aws/services/ecs/ecs_service_test.py +++ b/tests/providers/aws/services/ecs/ecs_service_test.py @@ -42,6 +42,7 @@ class Test_ECS_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/efs/efs_service_test.py b/tests/providers/aws/services/efs/efs_service_test.py index f95d2fde..06e13c89 100644 --- a/tests/providers/aws/services/efs/efs_service_test.py +++ b/tests/providers/aws/services/efs/efs_service_test.py @@ -74,6 +74,7 @@ class Test_EFS: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/eks/eks_service_test.py b/tests/providers/aws/services/eks/eks_service_test.py index 55127e6b..23222053 100644 --- a/tests/providers/aws/services/eks/eks_service_test.py +++ b/tests/providers/aws/services/eks/eks_service_test.py @@ -47,6 +47,7 @@ class Test_EKS_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py b/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py index 7c2e91dc..df61e8b4 100644 --- a/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py +++ b/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py @@ -31,6 +31,7 @@ class Test_elb_insecure_ssl_ciphers: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py b/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py index ccec367f..fc3ad525 100644 --- a/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py +++ b/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py @@ -31,6 +31,7 @@ class Test_elb_request_smugling: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py b/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py index c163dd27..4f5033c6 100644 --- a/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py +++ b/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py @@ -31,6 +31,7 @@ class Test_elb_logging_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elb/elb_service_test.py b/tests/providers/aws/services/elb/elb_service_test.py index 4792dd59..b94cb766 100644 --- a/tests/providers/aws/services/elb/elb_service_test.py +++ b/tests/providers/aws/services/elb/elb_service_test.py @@ -30,6 +30,7 @@ class Test_ELB_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py b/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py index 5531d161..0a395129 100644 --- a/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py +++ b/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py @@ -31,6 +31,7 @@ class Test_elb_ssl_listeners: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py b/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py index 86ff9059..1ec2d752 100644 --- a/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py @@ -31,6 +31,7 @@ class Test_elbv2_deletion_protection: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py b/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py index 248fea35..532cc4da 100644 --- a/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py @@ -31,6 +31,7 @@ class Test_elbv2_desync_mitigation_mode: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py b/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py index 5f826167..e70e4bab 100644 --- a/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py @@ -31,6 +31,7 @@ class Test_elbv2_insecure_ssl_ciphers: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py b/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py index e0a3e5a8..10edf37b 100644 --- a/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py @@ -31,6 +31,7 @@ class Test_elbv2_internet_facing: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py b/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py index a07110e2..08531ab3 100644 --- a/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py @@ -31,6 +31,7 @@ class Test_elbv2_listeners_underneath: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py b/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py index 397edc83..3b52b219 100644 --- a/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py @@ -31,6 +31,7 @@ class Test_elbv2_logging_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_service_test.py b/tests/providers/aws/services/elbv2/elbv2_service_test.py index c14ac455..17abd403 100644 --- a/tests/providers/aws/services/elbv2/elbv2_service_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_service_test.py @@ -30,6 +30,7 @@ class Test_ELBv2_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py b/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py index b17a7789..37180436 100644 --- a/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py @@ -31,6 +31,7 @@ class Test_elbv2_ssl_listeners: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py b/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py index 0786236f..2f69895e 100644 --- a/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py @@ -53,6 +53,7 @@ class Test_elbv2_waf_acl_attached: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py b/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py index 129ca601..60fcadf3 100644 --- a/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py +++ b/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py @@ -33,6 +33,7 @@ class Test_emr_cluster_publicly_accesible: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/emr/emr_service_test.py b/tests/providers/aws/services/emr/emr_service_test.py index 92c354fa..1e88ed5b 100644 --- a/tests/providers/aws/services/emr/emr_service_test.py +++ b/tests/providers/aws/services/emr/emr_service_test.py @@ -69,6 +69,7 @@ class Test_EMR_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/fms/fms_service_test.py b/tests/providers/aws/services/fms/fms_service_test.py index 6cdf26b2..9f32e3ef 100644 --- a/tests/providers/aws/services/fms/fms_service_test.py +++ b/tests/providers/aws/services/fms/fms_service_test.py @@ -85,6 +85,7 @@ class Test_FMS_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/glacier/glacier_service_test.py b/tests/providers/aws/services/glacier/glacier_service_test.py index 460ce0b2..00b11870 100644 --- a/tests/providers/aws/services/glacier/glacier_service_test.py +++ b/tests/providers/aws/services/glacier/glacier_service_test.py @@ -96,6 +96,7 @@ class Test_Glacier_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py b/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py index 60bdc25d..c1d9f4df 100644 --- a/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py +++ b/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py @@ -70,6 +70,7 @@ class Test_GlobalAccelerator_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/glue/glue_service_test.py b/tests/providers/aws/services/glue/glue_service_test.py index 42f78ce4..c23f56d1 100644 --- a/tests/providers/aws/services/glue/glue_service_test.py +++ b/tests/providers/aws/services/glue/glue_service_test.py @@ -138,6 +138,7 @@ class Test_Glue_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/guardduty/guardduty_service_test.py b/tests/providers/aws/services/guardduty/guardduty_service_test.py index e1bf6bd9..572f2d8b 100644 --- a/tests/providers/aws/services/guardduty/guardduty_service_test.py +++ b/tests/providers/aws/services/guardduty/guardduty_service_test.py @@ -80,6 +80,7 @@ class Test_GuardDuty_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py b/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py index 3ed572dc..818a3cf4 100644 --- a/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py +++ b/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py @@ -34,6 +34,7 @@ class Test_iam_administrator_access_with_mfa_test: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py b/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py index f5539eac..1c2e67d0 100644 --- a/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py +++ b/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py @@ -35,6 +35,7 @@ class Test_iam_avoid_root_usage: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py index ca34c323..890bd007 100644 --- a/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py +++ b/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py @@ -30,6 +30,7 @@ class Test_iam_aws_attached_policy_no_administrative_privileges_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py b/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py index b86cf7cc..d6693a35 100644 --- a/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py +++ b/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py @@ -32,6 +32,7 @@ class Test_iam_check_saml_providers_sts: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py index b90678af..4afa1f1c 100644 --- a/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py +++ b/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py @@ -31,6 +31,7 @@ class Test_iam_customer_attached_policy_no_administrative_privileges_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py index b3324736..22aa40cb 100644 --- a/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py +++ b/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py @@ -31,6 +31,7 @@ class Test_iam_customer_unattached_policy_no_administrative_privileges_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py b/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py index e1c0974b..916b9594 100644 --- a/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py +++ b/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py @@ -34,6 +34,7 @@ class Test_iam_disable_30_days_credentials_test: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py b/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py index 3ac41b4d..0b6a3747 100644 --- a/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py +++ b/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py @@ -34,6 +34,7 @@ class Test_iam_disable_45_days_credentials_test: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py b/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py index df5f991f..0be08a4d 100644 --- a/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py +++ b/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py @@ -34,6 +34,7 @@ class Test_iam_disable_90_days_credentials_test: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py b/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py index 77656567..c26e34f1 100644 --- a/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py +++ b/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py @@ -34,6 +34,7 @@ class Test_iam_no_custom_policy_permissive_role_assumption: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py b/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py index 5b547915..0f9b99c4 100644 --- a/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py +++ b/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py @@ -33,6 +33,7 @@ class Test_iam_no_expired_server_certificates_stored_test: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py b/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py index dc966601..959b1252 100644 --- a/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py +++ b/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py @@ -33,6 +33,7 @@ class Test_iam_no_root_access_key_test: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py b/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py index ce719683..83a7df39 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py @@ -33,6 +33,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py b/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py index d3b1a62a..b8abb4dc 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py @@ -30,6 +30,7 @@ class Test_iam_password_policy_lowercase: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py b/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py index 8b55dde6..ed2d736f 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py @@ -30,6 +30,7 @@ class Test_iam_password_policy_minimum_length_14: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py b/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py index c11057ad..f9a56331 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py @@ -30,6 +30,7 @@ class Test_iam_password_policy_number: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py b/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py index 9741aa4a..3b080dea 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py @@ -29,6 +29,7 @@ class Test_iam_password_policy_reuse_24: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py b/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py index b95f3d5c..d19a0609 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py @@ -30,6 +30,7 @@ class Test_iam_password_policy_symbol: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py b/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py index 764c6532..ca496118 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py @@ -29,6 +29,7 @@ class Test_iam_password_policy_uppercase: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py b/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py index 0a28fcca..7519cf08 100644 --- a/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py +++ b/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py @@ -31,6 +31,7 @@ class Test_iam_policy_allows_privilege_escalation: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py b/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py index be1021b7..6c4882a9 100644 --- a/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py +++ b/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py @@ -31,6 +31,7 @@ class Test_iam_policy_attached_only_to_group_or_roles: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py index 3e4757b8..894e3a2d 100644 --- a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py +++ b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py @@ -30,6 +30,7 @@ class Test_iam_policy_no_full_access_to_cloudtrail: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py index bd62865b..eef57bce 100644 --- a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py +++ b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py @@ -30,6 +30,7 @@ class Test_iam_policy_no_full_access_to_kms: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py b/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py index 122feb5f..72722c24 100644 --- a/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py +++ b/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py @@ -32,6 +32,7 @@ class Test_iam_role_cross_account_readonlyaccess_policy: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py b/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py index 9d061852..a77be120 100644 --- a/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py +++ b/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py @@ -32,6 +32,7 @@ class Test_iam_role_cross_service_confused_deputy_prevention: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py index 96352c4a..f05a38f2 100644 --- a/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py +++ b/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py @@ -30,6 +30,7 @@ class Test_iam_root_hardware_mfa_enabled_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py index 2582efa2..38ba648a 100644 --- a/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py +++ b/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py @@ -30,6 +30,7 @@ class Test_iam_root_mfa_enabled_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py b/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py index d0551924..1c5c7386 100644 --- a/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py +++ b/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py @@ -30,6 +30,7 @@ class Test_iam_rotate_access_key_90_days_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py b/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py index 8049cb70..eeb34c09 100644 --- a/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py +++ b/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py @@ -33,6 +33,7 @@ class Test_iam_securityaudit_role_created: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_service_test.py b/tests/providers/aws/services/iam/iam_service_test.py index e83a0892..29c98205 100644 --- a/tests/providers/aws/services/iam/iam_service_test.py +++ b/tests/providers/aws/services/iam/iam_service_test.py @@ -33,6 +33,7 @@ class Test_IAM_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py b/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py index fe025f5b..d1f0e036 100644 --- a/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py +++ b/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py @@ -31,6 +31,7 @@ class Test_iam_support_role_created: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py index bf3b6894..fa5cad22 100644 --- a/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py +++ b/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py @@ -30,6 +30,7 @@ class Test_iam_user_hardware_mfa_enabled_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py b/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py index 4666b203..326edec8 100644 --- a/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py +++ b/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py @@ -29,6 +29,7 @@ class Test_iam_user_mfa_enabled_console_access_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py b/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py index 0fae4735..ad7bfe2c 100644 --- a/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py +++ b/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py @@ -31,6 +31,7 @@ class Test_iam_user_no_setup_initial_access_key_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py b/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py index 909e6906..9cfece9b 100644 --- a/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py +++ b/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py @@ -30,6 +30,7 @@ class Test_iam_user_two_active_access_key: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/inspector2/inspector2_service_test.py b/tests/providers/aws/services/inspector2/inspector2_service_test.py index ae95e1b1..cb110179 100644 --- a/tests/providers/aws/services/inspector2/inspector2_service_test.py +++ b/tests/providers/aws/services/inspector2/inspector2_service_test.py @@ -102,6 +102,7 @@ class Test_Inspector2_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py b/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py index 78f5eec1..7df3d055 100644 --- a/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py +++ b/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py @@ -30,6 +30,7 @@ class Test_kms_cmk_are_used: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py b/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py index 987ab5c9..b1cc22b1 100644 --- a/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py +++ b/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py @@ -30,6 +30,7 @@ class Test_kms_cmk_rotation_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py b/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py index de4e98d3..dd99ab8f 100644 --- a/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py +++ b/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py @@ -31,6 +31,7 @@ class Test_kms_key_not_publicly_accessible: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/kms/kms_service_test.py b/tests/providers/aws/services/kms/kms_service_test.py index c35c7891..a7ea3c96 100644 --- a/tests/providers/aws/services/kms/kms_service_test.py +++ b/tests/providers/aws/services/kms/kms_service_test.py @@ -32,6 +32,7 @@ class Test_ACM_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/macie/macie_service_test.py b/tests/providers/aws/services/macie/macie_service_test.py index 6ac03ca8..1e1b7206 100644 --- a/tests/providers/aws/services/macie/macie_service_test.py +++ b/tests/providers/aws/services/macie/macie_service_test.py @@ -67,6 +67,7 @@ class Test_Macie_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py b/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py index 4d040fb7..ddf91f7c 100644 --- a/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py +++ b/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py @@ -40,6 +40,7 @@ class Test_networkfirewall_in_all_vpc: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py b/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py index 53c3170c..fcc0ab3c 100644 --- a/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py +++ b/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py @@ -85,6 +85,7 @@ class Test_NetworkFirewall_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/opensearch/opensearch_service_test.py b/tests/providers/aws/services/opensearch/opensearch_service_test.py index a4417c4d..9c935ae6 100644 --- a/tests/providers/aws/services/opensearch/opensearch_service_test.py +++ b/tests/providers/aws/services/opensearch/opensearch_service_test.py @@ -124,6 +124,7 @@ class Test_OpenSearchService_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py b/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py index 537cb9b8..ca8cdf8e 100644 --- a/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py +++ b/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py @@ -34,6 +34,7 @@ class Test_organizations_account_part_of_organizations: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py b/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py index 995ed383..0e4de2e4 100644 --- a/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py +++ b/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py @@ -34,6 +34,7 @@ class Test_organizations_delegated_administrators: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py b/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py index 8df12791..ebb70111 100644 --- a/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py +++ b/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py @@ -38,6 +38,7 @@ class Test_organizations_scp_check_deny_regions: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/organizations/organizations_service_test.py b/tests/providers/aws/services/organizations/organizations_service_test.py index 47a92585..77fbf1cc 100644 --- a/tests/providers/aws/services/organizations/organizations_service_test.py +++ b/tests/providers/aws/services/organizations/organizations_service_test.py @@ -39,6 +39,7 @@ class Test_Organizations_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py b/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py index e90767b2..653727d7 100644 --- a/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py +++ b/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py @@ -37,6 +37,7 @@ class Test_organizations_tags_policies_enabled_and_attached: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py index 801592f3..c228aa16 100644 --- a/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py +++ b/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py @@ -53,6 +53,7 @@ class Test_rds_instance_backup_enabled: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py b/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py index de857395..515705f8 100644 --- a/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py +++ b/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py @@ -53,6 +53,7 @@ class Test_rds_instance_deletion_protection: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py b/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py index 567c5206..2dbe640a 100644 --- a/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py +++ b/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_deprecated_engine_version: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py index 7e42fa08..b12177fd 100644 --- a/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py +++ b/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_enhanced_monitoring_enabled: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py b/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py index 56da05ab..3775eddd 100644 --- a/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py +++ b/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_integration_cloudwatch_logs: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py index 9b183b29..a1cab091 100644 --- a/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py +++ b/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_minor_version_upgrade_enabled: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py b/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py index 87046ef0..262c84ab 100644 --- a/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py +++ b/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py @@ -53,6 +53,7 @@ class Test_rds_instance_multi_az: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py b/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py index 1da59ea3..88880c24 100644 --- a/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py +++ b/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_no_public_access: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py b/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py index b2b51a61..54f18ec7 100644 --- a/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py +++ b/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_storage_encrypted: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py b/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py index a7d223a8..a639f8cc 100644 --- a/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py +++ b/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_transport_encrypted: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_service_test.py b/tests/providers/aws/services/rds/rds_service_test.py index 7a8531c7..468bb70f 100644 --- a/tests/providers/aws/services/rds/rds_service_test.py +++ b/tests/providers/aws/services/rds/rds_service_test.py @@ -51,6 +51,7 @@ class Test_RDS_Service: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py b/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py index 7fde31c4..28968836 100644 --- a/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py +++ b/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py @@ -60,6 +60,7 @@ class Test_rds_snapshots_public_access: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/redshift/redshift_service_test.py b/tests/providers/aws/services/redshift/redshift_service_test.py index e27eeb87..8ec9c9b3 100644 --- a/tests/providers/aws/services/redshift/redshift_service_test.py +++ b/tests/providers/aws/services/redshift/redshift_service_test.py @@ -78,6 +78,7 @@ class Test_Redshift_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py index 8d86f620..639c061b 100644 --- a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py +++ b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py @@ -34,6 +34,7 @@ class Test_resourceexplorer2_indexes_found: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py index 5c9c897d..a77e93bf 100644 --- a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py +++ b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py @@ -63,6 +63,7 @@ class Test_ResourceExplorer2_Service: audited_regions="us-east-1", organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py b/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py index fe0c979d..fc6c97c3 100644 --- a/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py +++ b/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py @@ -33,6 +33,7 @@ class Test_route53_dangling_ip_subdomain_takeover: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/route53/route53_service_test.py b/tests/providers/aws/services/route53/route53_service_test.py index 1208255c..e316e154 100644 --- a/tests/providers/aws/services/route53/route53_service_test.py +++ b/tests/providers/aws/services/route53/route53_service_test.py @@ -55,6 +55,7 @@ class Test_Route53_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/route53/route53domains_service_test.py b/tests/providers/aws/services/route53/route53domains_service_test.py index 3d3e8b0e..bef6c823 100644 --- a/tests/providers/aws/services/route53/route53domains_service_test.py +++ b/tests/providers/aws/services/route53/route53domains_service_test.py @@ -91,6 +91,7 @@ class Test_Route53_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py b/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py index d63d587d..148b4f56 100644 --- a/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py +++ b/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py @@ -32,6 +32,7 @@ class Test_s3_account_level_public_access_blocks: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py b/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py index e70633a6..f2f0ccad 100644 --- a/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_acl_prohibited: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py b/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py index ec14d0e2..b7b2e38d 100644 --- a/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_default_encryption: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py b/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py index 557cab64..d6de96de 100644 --- a/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_level_public_access_block: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py b/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py index 12c9807b..ff2e7af2 100644 --- a/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_no_mfa_delete: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py b/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py index c9bade1c..e380e6ba 100644 --- a/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_object_lock: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py b/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py index 41961c94..d4137fce 100644 --- a/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_object_versioning: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py b/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py index 3d442bab..950893bd 100644 --- a/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_policy_public_write_access: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py b/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py index 4307dfc1..b9715584 100644 --- a/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_public_access: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py b/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py index 96e83d4b..a2d79a39 100644 --- a/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_secure_transport_policy: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py b/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py index 0d0be267..31a5ffc8 100644 --- a/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_server_access_logging_enabled: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_service_test.py b/tests/providers/aws/services/s3/s3_service_test.py index 6c03c8f7..abcd561f 100644 --- a/tests/providers/aws/services/s3/s3_service_test.py +++ b/tests/providers/aws/services/s3/s3_service_test.py @@ -33,6 +33,7 @@ class Test_S3_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/sagemaker/sagemaker_service_test.py b/tests/providers/aws/services/sagemaker/sagemaker_service_test.py index 916b5e68..8fee084a 100644 --- a/tests/providers/aws/services/sagemaker/sagemaker_service_test.py +++ b/tests/providers/aws/services/sagemaker/sagemaker_service_test.py @@ -125,6 +125,7 @@ class Test_SageMaker_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py b/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py index 6ab7761c..b64153fe 100644 --- a/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py +++ b/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py @@ -48,6 +48,7 @@ class Test_SecretsManager_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/securityhub/securityhub_service_test.py b/tests/providers/aws/services/securityhub/securityhub_service_test.py index 1736c172..47cd6743 100644 --- a/tests/providers/aws/services/securityhub/securityhub_service_test.py +++ b/tests/providers/aws/services/securityhub/securityhub_service_test.py @@ -78,6 +78,7 @@ class Test_SecurityHub_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py b/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py index 1f935d6c..6fcefe25 100644 --- a/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py +++ b/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py @@ -45,6 +45,7 @@ class Test_shield_advanced_protection_in_associated_elastic_ips: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py b/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py index 28c69c72..23ce3a20 100644 --- a/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py +++ b/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py @@ -32,6 +32,7 @@ class Test_shield_advanced_protection_in_classic_load_balancers: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py b/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py index 379d8688..d7150b19 100644 --- a/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py +++ b/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py @@ -45,6 +45,7 @@ class Test_shield_advanced_protection_in_internet_facing_load_balancers: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/shield/shield_service_test.py b/tests/providers/aws/services/shield/shield_service_test.py index 74edd6b2..0e5cc031 100644 --- a/tests/providers/aws/services/shield/shield_service_test.py +++ b/tests/providers/aws/services/shield/shield_service_test.py @@ -55,6 +55,7 @@ class Test_Shield_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/sns/sns_service_test.py b/tests/providers/aws/services/sns/sns_service_test.py index f5dca6fd..cfb15392 100644 --- a/tests/providers/aws/services/sns/sns_service_test.py +++ b/tests/providers/aws/services/sns/sns_service_test.py @@ -69,6 +69,7 @@ class Test_SNS_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/sqs/sqs_service_test.py b/tests/providers/aws/services/sqs/sqs_service_test.py index 229cca1e..d97f52c1 100644 --- a/tests/providers/aws/services/sqs/sqs_service_test.py +++ b/tests/providers/aws/services/sqs/sqs_service_test.py @@ -71,6 +71,7 @@ class Test_SQS_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ssm/ssm_service_test.py b/tests/providers/aws/services/ssm/ssm_service_test.py index 3f7dda49..301e8b2e 100644 --- a/tests/providers/aws/services/ssm/ssm_service_test.py +++ b/tests/providers/aws/services/ssm/ssm_service_test.py @@ -152,6 +152,7 @@ class Test_SSM_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py b/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py index b5d18dd9..78e06c53 100644 --- a/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py +++ b/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py @@ -88,6 +88,7 @@ class Test_SSMIncidents_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py b/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py index 704beaa4..42d12d31 100644 --- a/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py +++ b/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py @@ -44,6 +44,7 @@ class Test_TrustedAdvisor_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py b/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py index d8dbb104..4a03068b 100644 --- a/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py +++ b/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py @@ -30,6 +30,7 @@ class Test_vpc_different_regions: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py b/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py index 8d4b216f..28a404f9 100644 --- a/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py +++ b/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py @@ -37,6 +37,7 @@ class Test_vpc_endpoint_connections_trust_boundaries: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py b/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py index f7bd0fa9..2be6724b 100644 --- a/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py +++ b/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py @@ -56,6 +56,7 @@ class Test_vpc_endpoint_services_allowed_principals_trust_boundaries: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py b/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py index d210e24e..2ca4cb66 100644 --- a/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py +++ b/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py @@ -30,6 +30,7 @@ class Test_vpc_flow_logs_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py b/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py index 6ffa402c..e41517bd 100644 --- a/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py +++ b/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py @@ -30,6 +30,7 @@ class Test_vpc_peering_routing_tables_with_least_privilege: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_service_test.py b/tests/providers/aws/services/vpc/vpc_service_test.py index 7688cab4..002e0938 100644 --- a/tests/providers/aws/services/vpc/vpc_service_test.py +++ b/tests/providers/aws/services/vpc/vpc_service_test.py @@ -32,6 +32,7 @@ class Test_VPC_Service: audited_regions=["eu-west-1", "us-east-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py b/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py index f936a34b..e329e021 100644 --- a/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py +++ b/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py @@ -30,6 +30,7 @@ class Test_vpc_subnet_different_az: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py b/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py index ff4acfa7..bcb2a6b2 100644 --- a/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py +++ b/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py @@ -30,6 +30,7 @@ class Test_vpc_subnet_separate_private_public: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py b/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py index f14272a3..8d23c51d 100644 --- a/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py +++ b/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py @@ -30,6 +30,7 @@ class Test_vpc_subnet_separate_private_public: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/waf/waf_service_test.py b/tests/providers/aws/services/waf/waf_service_test.py index e903f001..aa597a4f 100644 --- a/tests/providers/aws/services/waf/waf_service_test.py +++ b/tests/providers/aws/services/waf/waf_service_test.py @@ -66,6 +66,7 @@ class Test_WAF_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/wafv2/wafv2_service_test.py b/tests/providers/aws/services/wafv2/wafv2_service_test.py index 8d557151..b679fa61 100644 --- a/tests/providers/aws/services/wafv2/wafv2_service_test.py +++ b/tests/providers/aws/services/wafv2/wafv2_service_test.py @@ -30,6 +30,7 @@ class Test_WAFv2_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py b/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py index 285799b5..6b0a784c 100644 --- a/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py +++ b/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py @@ -74,6 +74,7 @@ class Test_WellArchitected_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/workspaces/workspaces_service_test.py b/tests/providers/aws/services/workspaces/workspaces_service_test.py index b10589d6..6bf24703 100644 --- a/tests/providers/aws/services/workspaces/workspaces_service_test.py +++ b/tests/providers/aws/services/workspaces/workspaces_service_test.py @@ -70,6 +70,7 @@ class Test_WorkSpaces_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py b/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py index 04728d89..71fe6108 100644 --- a/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py +++ b/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py @@ -34,6 +34,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/common/audit_info_test.py b/tests/providers/common/audit_info_test.py index 6f8180df..f80be028 100644 --- a/tests/providers/common/audit_info_test.py +++ b/tests/providers/common/audit_info_test.py @@ -5,7 +5,7 @@ from boto3 import session from mock import patch from moto import mock_ec2, mock_resourcegroupstaggingapi -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info +from prowler.providers.aws.lib.audit_info.models import AWS_Assume_Role, AWS_Audit_Info from prowler.providers.azure.azure_provider import Azure_Provider from prowler.providers.azure.lib.audit_info.models import ( Azure_Audit_Info, @@ -105,10 +105,16 @@ class Test_Set_Audit_Info: profile=None, profile_region="eu-west-1", credentials=None, - assumed_role_info=None, + assumed_role_info=AWS_Assume_Role( + role_arn=None, + session_duration=None, + external_id=None, + mfa_enabled=None, + ), audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/common/common_outputs_test.py b/tests/providers/common/common_outputs_test.py index e9711129..48bbb1dc 100644 --- a/tests/providers/common/common_outputs_test.py +++ b/tests/providers/common/common_outputs_test.py @@ -73,6 +73,7 @@ class Test_Common_Output_Options: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info