Merge branch 'master' into patch-1

checks/check11

@@ -15,6 +15,7 @@ CHECK_TYPE_check11="LEVEL1"
 CHECK_SEVERITY_check11="High"
 CHECK_ASFF_TYPE_check11="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check101="check11"
+CHECK_SERVICENAME_check11="iam"
 
 check11(){
   # "Avoid the use of the root account (Scored)."

checks/check110

@@ -15,6 +15,7 @@ CHECK_TYPE_check110="LEVEL1"
 CHECK_SEVERITY_check110="Medium"
 CHECK_ASFF_TYPE_check110="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check110="check110"
+CHECK_SERVICENAME_check110="iam"
 
 check110(){
   # "Ensure IAM password policy prevents password reuse: 24 or greater (Scored)"

checks/check111

@@ -15,6 +15,7 @@ CHECK_TYPE_check111="LEVEL1"
 CHECK_SEVERITY_check111="Medium"
 CHECK_ASFF_TYPE_check111="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check111="check111"
+CHECK_SERVICENAME_check111="iam"
 
 check111(){
   # "Ensure IAM password policy expires passwords within 90 days or less (Scored)"

checks/check112

@@ -15,6 +15,7 @@ CHECK_TYPE_check112="LEVEL1"
 CHECK_SEVERITY_check112="Critical"
 CHECK_ASFF_TYPE_check112="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check112="check112"
+CHECK_SERVICENAME_check112="iam"
 
 check112(){
   # "Ensure no root account access key exists (Scored)"

checks/check113

@@ -15,6 +15,7 @@ CHECK_TYPE_check113="LEVEL1"
 CHECK_SEVERITY_check113="Critical"
 CHECK_ASFF_TYPE_check113="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check113="check113"
+CHECK_SERVICENAME_check113="iam"
 
 check113(){
   # "Ensure MFA is enabled for the root account (Scored)"

checks/check114

@@ -15,6 +15,7 @@ CHECK_TYPE_check114="LEVEL2"
 CHECK_SEVERITY_check114="Critical"
 CHECK_ASFF_TYPE_check114="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check114="check114"
+CHECK_SERVICENAME_check114="iam"
 
 check114(){
   # "Ensure hardware MFA is enabled for the root account (Scored)"

checks/check115

@@ -15,6 +15,7 @@ CHECK_TYPE_check115="LEVEL1"
 CHECK_SEVERITY_check115="Medium"
 CHECK_ASFF_TYPE_check115="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check115="check115"
+CHECK_SERVICENAME_check115="support"
 
 check115(){
   # "Ensure security questions are registered in the AWS account (Not Scored)"

checks/check116

@@ -17,6 +17,7 @@ CHECK_ASFF_TYPE_check116="Software and Configuration Checks/Industry and Regulat
 CHECK_ASFF_RESOURCE_TYPE_check116="AwsIamUser"
 CHECK_ALTERNATE_check116="check116"
 CHECK_ASFF_COMPLIANCE_TYPE_check116="ens-op.acc.3.aws.iam.1"
+CHECK_SERVICENAME_check116="iam"
 
 check116(){
   # "Ensure IAM policies are attached only to groups or roles (Scored)"

checks/check117

@@ -15,6 +15,7 @@ CHECK_TYPE_check117="LEVEL1"
 CHECK_SEVERITY_check117="Medium"
 CHECK_ASFF_TYPE_check117="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check117="check117"
+CHECK_SERVICENAME_check117="support"
 
 check117(){
   # "Maintain current contact details (Scored)"

checks/check118

@@ -15,6 +15,7 @@ CHECK_TYPE_check118="LEVEL1"
 CHECK_SEVERITY_check118="Medium"
 CHECK_ASFF_TYPE_check118="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check118="check118"
+CHECK_SERVICENAME_check118="support"
 
 check118(){
   # "Ensure security contact information is registered (Scored)"

checks/check119

@@ -16,6 +16,7 @@ CHECK_SEVERITY_check119="Medium"
 CHECK_ASFF_TYPE_check119="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check119="AwsEc2Instance"
 CHECK_ALTERNATE_check119="check119"
+CHECK_SERVICENAME_check119="ec2"
 
 check119(){
   for regx in $REGIONS; do

checks/check12

@@ -17,6 +17,7 @@ CHECK_ASFF_TYPE_check12="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check12="AwsIamUser"
 CHECK_ALTERNATE_check102="check12"
 CHECK_ASFF_COMPLIANCE_TYPE_check12="ens-op.acc.5.aws.iam.1"
+CHECK_SERVICENAME_check12="iam"
 
 check12(){
   # "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)"

checks/check120

@@ -17,6 +17,7 @@ CHECK_ASFF_TYPE_check120="Software and Configuration Checks/Industry and Regulat
 CHECK_ASFF_RESOURCE_TYPE_check120="AwsIamRole"
 CHECK_ALTERNATE_check120="check120"
 CHECK_ASFF_COMPLIANCE_TYPE_check120="ens-op.acc.1.aws.iam.4"
+CHECK_SERVICENAME_check120="iam"
 
 check120(){
   # "Ensure a support role has been created to manage incidents with AWS Support (Scored)"

checks/check121

@@ -17,6 +17,7 @@ CHECK_ASFF_TYPE_check121="Software and Configuration Checks/Industry and Regulat
 CHECK_ASFF_RESOURCE_TYPE_check121="AwsIamUser"
 CHECK_ALTERNATE_check121="check121"
 CHECK_ASFF_COMPLIANCE_TYPE_check121="ens-op.acc.1.aws.iam.5"
+CHECK_SERVICENAME_check121="iam"
 
 check121(){
   # "Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)"

checks/check122

@@ -16,6 +16,7 @@ CHECK_SEVERITY_check122="Medium"
 CHECK_ASFF_TYPE_check122="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check122="AwsIamPolicy"
 CHECK_ALTERNATE_check122="check122"
+CHECK_SERVICENAME_check122="iam"
 
 check122(){
   # "Ensure IAM policies that allow full \"*:*\" administrative privileges are not created (Scored)"

checks/check13

@@ -16,7 +16,8 @@ CHECK_SEVERITY_check13="Medium"
 CHECK_ASFF_TYPE_check13="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check13="AwsIamUser"
 CHECK_ALTERNATE_check103="check13"
-CHECK_ASFF_COMPLIANCE_TYPE_check13="ens-op.acc.1.aws.iam.3,ens-op.acc.5.aws.iam.4"
+CHECK_ASFF_COMPLIANCE_TYPE_check13="ens-op.acc.1.aws.iam.3 ens-op.acc.5.aws.iam.4"
+CHECK_SERVICENAME_check13="iam"
 
 check13(){
   check_creds_used_in_last_days 90

checks/check14

@@ -16,7 +16,8 @@ CHECK_SEVERITY_check14="Medium"
 CHECK_ASFF_TYPE_check14="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check14="AwsIamUser"
 CHECK_ALTERNATE_check104="check14"
-CHECK_ASFF_COMPLIANCE_TYPE_check14="ens-op.acc.1.aws.iam.4,ens-op.acc.5.aws.iam.3"
+CHECK_ASFF_COMPLIANCE_TYPE_check14="ens-op.acc.1.aws.iam.4 ens-op.acc.5.aws.iam.3"
+CHECK_SERVICENAME_check14="iam"
 
 check14(){
   # "Ensure access keys are rotated every 90 days or less (Scored)" # also checked by Security Monkey

checks/check15

@@ -15,6 +15,7 @@ CHECK_TYPE_check15="LEVEL1"
 CHECK_SEVERITY_check15="Medium"
 CHECK_ASFF_TYPE_check15="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check105="check15"
+CHECK_SERVICENAME_check15="iam"
 
 check15(){
   # "Ensure IAM password policy requires at least one uppercase letter (Scored)"

checks/check16

@@ -12,9 +12,10 @@ CHECK_ID_check16="1.6"
 CHECK_TITLE_check16="[check16] Ensure IAM password policy require at least one lowercase letter (Scored)"
 CHECK_SCORED_check16="SCORED"
 CHECK_TYPE_check16="LEVEL1"
-CHECK_SEVERITY_check16="medium"
+CHECK_SEVERITY_check16="Medium"
 CHECK_ASFF_TYPE_check16="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check106="check16"
+CHECK_SERVICENAME_check16="iam"
 
 check16(){
   # "Ensure IAM password policy require at least one lowercase letter (Scored)"

checks/check17

@@ -15,6 +15,7 @@ CHECK_TYPE_check17="LEVEL1"
 CHECK_SEVERITY_check17="Medium"
 CHECK_ASFF_TYPE_check17="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check107="check17"
+CHECK_SERVICENAME_check17="iam"
 
 check17(){
   # "Ensure IAM password policy require at least one symbol (Scored)"

checks/check18

@@ -15,6 +15,7 @@ CHECK_TYPE_check18="LEVEL1"
 CHECK_SEVERITY_check18="Medium"
 CHECK_ASFF_TYPE_check18="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check108="check18"
+CHECK_SERVICENAME_check18="iam"
 
 check18(){
   # "Ensure IAM password policy require at least one number (Scored)"

checks/check19

@@ -15,6 +15,7 @@ CHECK_TYPE_check19="LEVEL1"
 CHECK_SEVERITY_check19="Medium"
 CHECK_ASFF_TYPE_check19="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check109="check19"
+CHECK_SERVICENAME_check19="iam"
 
 check19(){
   # "Ensure IAM password policy requires minimum length of 14 or greater (Scored)"

checks/check21

@@ -16,32 +16,34 @@ CHECK_SEVERITY_check21="High"
 CHECK_ASFF_TYPE_check21="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check21="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check201="check21"
-CHECK_ASFF_COMPLIANCE_TYPE_check21="ens-op.acc.7.aws.iam.1,ens-op.mon.1.aws.trail.1"
+CHECK_ASFF_COMPLIANCE_TYPE_check21="ens-op.acc.7.aws.iam.1 ens-op.mon.1.aws.trail.1"
+CHECK_SERVICENAME_check21="cloudtrail"
 
 check21(){
   trail_count=0
   # "Ensure CloudTrail is enabled in all regions (Scored)"
-	for regx in $REGIONS; do
-		LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].Name' --output text --no-include-shadow-trails)
-		if [[ $LIST_OF_TRAILS ]];then
-			for trail in $LIST_OF_TRAILS;do
-				trail_count=$((trail_count + 1))
-				MULTIREGION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].IsMultiRegionTrail' --output text --trail-name-list $trail)
-				if [[ "$MULTIREGION_TRAIL_STATUS" == 'False' ]];then
-					textFail "$trail trail in $regx is not enabled in multi region mode"
-				else
-					textPass "$trail trail in $regx is enabled for all regions"
-				fi
-			done
-		fi
-	done
+  for regx in $REGIONS; do
+    TRAILS_AND_REGIONS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].{Name:TrailARN, HomeRegion:HomeRegion}' --output text | tr "	" ',')
+    if [[ $TRAILS_AND_REGIONS ]]; then
+      for reg_trail in $TRAILS_AND_REGIONS; do
+        TRAIL_REGION=$(echo $reg_trail | cut -d',' -f1)
+        if [ $TRAIL_REGION != $regx ]; then # Only report trails once in home region
+          continue
+        fi
+        trail=$(echo $reg_trail | cut -d',' -f2)
+        trail_count=$((trail_count + 1))
 
-	if [[ $trail_count == 0 ]]; then
-	  ORG_TRAIL=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region us-east-1 | jq '.trailList[] | select(.IsMultiRegionTrail and .IsOrganizationTrail) | .Name' | sed 's/"//g')
-	  if [[ $ORG_TRAIL != "" ]]; then
-      textPass "$ORG_TRAIL trail in $regx is enabled for all regions"
-    else
-      textFail "No CloudTrail trails were found in the account"
+        MULTIREGION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $TRAIL_REGION --query 'trailList[*].IsMultiRegionTrail' --output text --trail-name-list $trail)
+        if [[ "$MULTIREGION_TRAIL_STATUS" == 'False' ]];then
+          textFail "Trail $trail in $regx is not enabled for all regions"
+        else
+          textPass "Trail $trail in $regx is enabled for all regions"
+        fi
+
+      done
     fi
+  done
+  if [[ $trail_count == 0 ]]; then
+    textFail "No CloudTrail trails were found in the account"
   fi
-}
+}

checks/check22

@@ -17,21 +17,33 @@ CHECK_ASFF_TYPE_check22="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check22="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check202="check22"
 CHECK_ASFF_COMPLIANCE_TYPE_check22="ens-op.exp.10.aws.trail.1"
+CHECK_SERVICENAME_check22="cloudtrail"
 
 check22(){
+  trail_count=0
   # "Ensure CloudTrail log file validation is enabled (Scored)"
+  for regx in $REGIONS; do
+    TRAILS_AND_REGIONS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].{Name:TrailARN, HomeRegion:HomeRegion}' --output text | tr "	" ',')
+    if [[ $TRAILS_AND_REGIONS ]]; then
+      for reg_trail in $TRAILS_AND_REGIONS; do
+        TRAIL_REGION=$(echo $reg_trail | cut -d',' -f1)
+        if [ $TRAIL_REGION != $regx ]; then # Only report trails once in home region
+          continue
+        fi
+        trail=$(echo $reg_trail | cut -d',' -f2)
+        trail_count=$((trail_count + 1))
 
-	for regx in $REGIONS; do
-	LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].Name' --output text --no-include-shadow-trails)
-	if [[ $LIST_OF_TRAILS ]];then
-		for trail in $LIST_OF_TRAILS;do
-		LOGFILEVALIDATION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].LogFileValidationEnabled' --output text --trail-name-list $trail)
-		if [[ "$LOGFILEVALIDATION_TRAIL_STATUS" == 'False' ]];then
-			textFail "$trail trail in $regx has not log file validation enabled"
-		else
-			textPass "$trail trail in $regx has log file validation enabled"
-		fi
-		done
-	fi
-	done
+        LOGFILEVALIDATION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $TRAIL_REGION --query 'trailList[*].LogFileValidationEnabled' --output text --trail-name-list $trail)
+        if [[ "$LOGFILEVALIDATION_TRAIL_STATUS" == 'False' ]];then
+          textFail "Trail $trail in $regx has not log file validation enabled"
+        else
+          textPass "Trail $trail in $regx has log file validation enabled"
+        fi
+
+      done
+    fi
+  done
+  if [[ $trail_count == 0 ]]; then
+    textFail "No CloudTrail trails were found in the account"
+  fi
 }

checks/check23

@@ -16,7 +16,8 @@ CHECK_SEVERITY_check23="Critical"
 CHECK_ASFF_TYPE_check23="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check23="AwsS3Bucket"
 CHECK_ALTERNATE_check203="check23"
-CHECK_ASFF_COMPLIANCE_TYPE_check23="ens-op.exp.10.aws.trail.3,ens-op.exp.10.aws.trail.4"
+CHECK_ASFF_COMPLIANCE_TYPE_check23="ens-op.exp.10.aws.trail.3 ens-op.exp.10.aws.trail.4"
+CHECK_SERVICENAME_check23="cloudtrail"
 
 check23(){
   # "Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)"

checks/check24

@@ -17,28 +17,39 @@ CHECK_ASFF_TYPE_check24="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check24="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check204="check24"
 CHECK_ASFF_COMPLIANCE_TYPE_check24="ens-op.exp.8.aws.cw.1"
+CHECK_SERVICENAME_check24="cloudtrail"
 
 check24(){
+  trail_count=0
   # "Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)"
-  TRAILS_AND_REGIONS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].{Name:Name, HomeRegion:HomeRegion}' --output text | tr "	" ',')
-  if [[ $TRAILS_AND_REGIONS ]];then
-    for reg_trail in $TRAILS_AND_REGIONS;do
-      trail=$(echo $reg_trail | cut -d',' -f2)
-      TRAIL_REGION=$(echo $reg_trail | cut -d',' -f1)
-      LATESTDELIVERY_TIMESTAMP=$($AWSCLI cloudtrail get-trail-status --name $trail $PROFILE_OPT --region $TRAIL_REGION --query 'LatestCloudWatchLogsDeliveryTime' --output text|grep -v None)
-      if [[ ! $LATESTDELIVERY_TIMESTAMP ]];then
-        textFail "$trail trail is not logging in the last 24h or not configured (it is in $TRAIL_REGION)"
-      else
-        LATESTDELIVERY_DATE=$(timestamp_to_date $LATESTDELIVERY_TIMESTAMP)
-        HOWOLDER=$(how_older_from_today $LATESTDELIVERY_DATE)
-        if [ $HOWOLDER -gt "1" ];then
+  for regx in $REGIONS; do
+    TRAILS_AND_REGIONS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].{Name:TrailARN, HomeRegion:HomeRegion}' --output text | tr "	" ',')
+    if [[ $TRAILS_AND_REGIONS ]]; then
+      for reg_trail in $TRAILS_AND_REGIONS; do
+        TRAIL_REGION=$(echo $reg_trail | cut -d',' -f1)
+        if [ $TRAIL_REGION != $regx ]; then # Only report trails once in home region
+          continue
+        fi
+        trail=$(echo $reg_trail | cut -d',' -f2)
+        trail_count=$((trail_count + 1))
+
+        LATESTDELIVERY_TIMESTAMP=$($AWSCLI cloudtrail get-trail-status --name $trail $PROFILE_OPT --region $TRAIL_REGION --query 'LatestCloudWatchLogsDeliveryTime' --output text|grep -v None)
+        if [[ ! $LATESTDELIVERY_TIMESTAMP ]];then
           textFail "$trail trail is not logging in the last 24h or not configured (it is in $TRAIL_REGION)"
         else
-          textPass "$trail trail has been logging during the last 24h (it is in $TRAIL_REGION)"
+          LATESTDELIVERY_DATE=$(timestamp_to_date $LATESTDELIVERY_TIMESTAMP)
+          HOWOLDER=$(how_older_from_today $LATESTDELIVERY_DATE)
+          if [ $HOWOLDER -gt "1" ];then
+            textFail "$trail trail is not logging in the last 24h or not configured (it is in $TRAIL_REGION)"
+          else
+            textPass "$trail trail has been logging during the last 24h (it is in $TRAIL_REGION)"
+          fi
         fi
-      fi
-    done
-  else
-    textFail "No CloudTrail trails found!"
+
+      done
+    fi
+  done
+  if [[ $trail_count == 0 ]]; then
+    textFail "No CloudTrail trails were found in the account"
   fi
 }

checks/check25

@@ -16,6 +16,7 @@ CHECK_SEVERITY_check25="Medium"
 CHECK_ASFF_TYPE_check25="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check205="check25"
 CHECK_ASFF_COMPLIANCE_TYPE_check25="ens-op.exp.1.aws.cfg.1"
+CHECK_SERVICENAME_check25="configservice"
 
 check25(){
   # "Ensure AWS Config is enabled in all regions (Scored)"

checks/check26

@@ -16,6 +16,7 @@ CHECK_SEVERITY_check26="Medium"
 CHECK_ASFF_TYPE_check26="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check26="AwsS3Bucket"
 CHECK_ALTERNATE_check206="check26"
+CHECK_SERVICENAME_check26="s3"
 
 check26(){
   # "Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)"

checks/check27

@@ -17,18 +17,32 @@ CHECK_ASFF_TYPE_check27="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check27="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check207="check27"
 CHECK_ASFF_COMPLIANCE_TYPE_check27="ens-op.exp.10.aws.trail.5"
+CHECK_SERVICENAME_check27="cloudtrail"
 
 check27(){
+  trail_count=0
   # "Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)"
-  $AWSCLI cloudtrail describe-trails --query 'trailList[].[Name,KmsKeyId]' --output text $PROFILE_OPT --region $REGION | while read trail key; do
-    if [[ "$trail" ]] ; then
-        if [[ "$key" != "None" ]] ; then
-            textPass "KMS key found for $trail"
-        else
-            textFail "Encryption is not enabled in your CloudTrail trail $trail (KMS key not found)!"
+  for regx in $REGIONS; do
+    TRAILS_AND_REGIONS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].{Name:TrailARN, HomeRegion:HomeRegion}' --output text | tr "	" ',')
+    if [[ $TRAILS_AND_REGIONS ]]; then
+      for reg_trail in $TRAILS_AND_REGIONS; do
+        TRAIL_REGION=$(echo $reg_trail | cut -d',' -f1)
+        if [ $TRAIL_REGION != $regx ]; then # Only report trails once in home region
+          continue
         fi
-    else
-        textFail "CloudTrail bucket doesn't exist!"
+        trail=$(echo $reg_trail | cut -d',' -f2)
+        trail_count=$((trail_count + 1))
+
+        KMSKEYID=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $TRAIL_REGION --query 'trailList[*].KmsKeyId' --output text --trail-name-list $trail)
+        if [[ "$KMSKEYID" ]];then
+          textPass "Trail $trail in $regx has encryption enabled"
+        else
+          textFail "Trail $trail in $regx has encryption disabled"
+        fi
+      done
     fi
   done
+  if [[ $trail_count == 0 ]]; then
+    textFail "No CloudTrail trails were found in the account"
+  fi
 }

checks/check28

@@ -9,13 +9,14 @@
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
 CHECK_ID_check28="2.8"
-CHECK_TITLE_check28="[check28] Ensure rotation for customer created CMKs is enabled (Scored)"
+CHECK_TITLE_check28="[check28] Ensure rotation for customer created KMS CMKs is enabled (Scored)"
 CHECK_SCORED_check28="SCORED"
 CHECK_TYPE_check28="LEVEL2"
 CHECK_SEVERITY_check28="Medium"
 CHECK_ASFF_TYPE_check28="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check28="AwsKmsKey"
 CHECK_ALTERNATE_check208="check28"
+CHECK_SERVICENAME_check28="kms"
 
 check28(){
   # "Ensure rotation for customer created CMKs is enabled (Scored)"

checks/check29

@@ -17,6 +17,7 @@ CHECK_ASFF_TYPE_check29="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check29="AwsEc2Vpc"
 CHECK_ALTERNATE_check209="check29"
 CHECK_ASFF_COMPLIANCE_TYPE_check29="ens-op.mon.1.aws.flow.1"
+CHECK_SERVICENAME_check29="vpc"
 
 check29(){
   # "Ensure VPC Flow Logging is Enabled in all VPCs (Scored)"

checks/check31

@@ -42,6 +42,7 @@ CHECK_ASFF_TYPE_check31="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check31="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check301="check31"
 CHECK_ASFF_COMPLIANCE_TYPE_check31="ens-op.exp.8.aws.trail.2"
+CHECK_SERVICENAME_check31="iam"
 
 check31(){
   check3x '\$\.errorCode\s*=\s*"\*UnauthorizedOperation".+\$\.errorCode\s*=\s*"AccessDenied\*"'

checks/check310

@@ -41,6 +41,7 @@ CHECK_SEVERITY_check310="Medium"
 CHECK_ASFF_TYPE_check310="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check310="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check310="check310"
+CHECK_SERVICENAME_check310="ec2"
 
 check310(){
   check3x '\$\.eventName\s*=\s*AuthorizeSecurityGroupIngress.+\$\.eventName\s*=\s*AuthorizeSecurityGroupEgress.+\$\.eventName\s*=\s*RevokeSecurityGroupIngress.+\$\.eventName\s*=\s*RevokeSecurityGroupEgress.+\$\.eventName\s*=\s*CreateSecurityGroup.+\$\.eventName\s*=\s*DeleteSecurityGroup'

checks/check311

@@ -41,6 +41,7 @@ CHECK_SEVERITY_check311="Medium"
 CHECK_ASFF_TYPE_check311="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check311="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check311="check311"
+CHECK_SERVICENAME_check311="vpc"
 
 check311(){
   check3x '\$\.eventName\s*=\s*CreateNetworkAcl.+\$\.eventName\s*=\s*CreateNetworkAclEntry.+\$\.eventName\s*=\s*DeleteNetworkAcl.+\$\.eventName\s*=\s*DeleteNetworkAclEntry.+\$\.eventName\s*=\s*ReplaceNetworkAclEntry.+\$\.eventName\s*=\s*ReplaceNetworkAclAssociation'

checks/check312

@@ -41,6 +41,7 @@ CHECK_SEVERITY_check312="Medium"
 CHECK_ASFF_TYPE_check312="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check312="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check312="check312"
+CHECK_SERVICENAME_check312="vpc"
 
 check312(){
   check3x '\$\.eventName\s*=\s*CreateCustomerGateway.+\$\.eventName\s*=\s*DeleteCustomerGateway.+\$\.eventName\s*=\s*AttachInternetGateway.+\$\.eventName\s*=\s*CreateInternetGateway.+\$\.eventName\s*=\s*DeleteInternetGateway.+\$\.eventName\s*=\s*DetachInternetGateway'

checks/check313

@@ -41,6 +41,7 @@ CHECK_SEVERITY_check313="Medium"
 CHECK_ASFF_TYPE_check313="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check313="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check313="check313"
+CHECK_SERVICENAME_check313="vpc"
 
 check313(){
   check3x '\$\.eventName\s*=\s*CreateRoute.+\$\.eventName\s*=\s*CreateRouteTable.+\$\.eventName\s*=\s*ReplaceRoute.+\$\.eventName\s*=\s*ReplaceRouteTableAssociation.+\$\.eventName\s*=\s*DeleteRouteTable.+\$\.eventName\s*=\s*DeleteRoute.+\$\.eventName\s*=\s*DisassociateRouteTable'

checks/check314

@@ -41,6 +41,7 @@ CHECK_SEVERITY_check314="Medium"
 CHECK_ASFF_TYPE_check314="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check314="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check314="check314"
+CHECK_SERVICENAME_check314="vpc"
 
 check314(){
   check3x '\$\.eventName\s*=\s*CreateVpc.+\$\.eventName\s*=\s*DeleteVpc.+\$\.eventName\s*=\s*ModifyVpcAttribute.+\$\.eventName\s*=\s*AcceptVpcPeeringConnection.+\$\.eventName\s*=\s*CreateVpcPeeringConnection.+\$\.eventName\s*=\s*DeleteVpcPeeringConnection.+\$\.eventName\s*=\s*RejectVpcPeeringConnection.+\$\.eventName\s*=\s*AttachClassicLinkVpc.+\$\.eventName\s*=\s*DetachClassicLinkVpc.+\$\.eventName\s*=\s*DisableVpcClassicLink.+\$\.eventName\s*=\s*EnableVpcClassicLink'

checks/check32

@@ -42,6 +42,7 @@ CHECK_ASFF_TYPE_check32="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check32="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check302="check32"
 CHECK_ASFF_COMPLIANCE_TYPE_check32="ens-op.exp.8.aws.trail.4"
+CHECK_SERVICENAME_check32="iam"
 
 check32(){
   check3x '\$\.eventName\s*=\s*"ConsoleLogin".+\$\.additionalEventData\.MFAUsed\s*!=\s*"Yes"'

checks/check33

@@ -42,6 +42,7 @@ CHECK_ASFF_TYPE_check33="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check33="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check303="check33"
 CHECK_ASFF_COMPLIANCE_TYPE_check33="ens-op.exp.8.aws.trail.5"
+CHECK_SERVICENAME_check33="iam"
 
 check33(){
   check3x '\$\.userIdentity\.type\s*=\s*"Root".+\$\.userIdentity\.invokedBy NOT EXISTS.+\$\.eventType\s*!=\s*"AwsServiceEvent"'

checks/check34

@@ -42,6 +42,7 @@ CHECK_ASFF_TYPE_check34="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check34="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check304="check34"
 CHECK_ASFF_COMPLIANCE_TYPE_check34="ens-op.exp.8.aws.trail.6"
+CHECK_SERVICENAME_check34="iam"
 
 check34(){
   check3x '\$\.eventName\s*=\s*DeleteGroupPolicy.+\$\.eventName\s*=\s*DeleteRolePolicy.+\$\.eventName\s*=\s*DeleteUserPolicy.+\$\.eventName\s*=\s*PutGroupPolicy.+\$\.eventName\s*=\s*PutRolePolicy.+\$\.eventName\s*=\s*PutUserPolicy.+\$\.eventName\s*=\s*CreatePolicy.+\$\.eventName\s*=\s*DeletePolicy.+\$\.eventName\s*=\s*CreatePolicyVersion.+\$\.eventName\s*=\s*DeletePolicyVersion.+\$\.eventName\s*=\s*AttachRolePolicy.+\$\.eventName\s*=\s*DetachRolePolicy.+\$\.eventName\s*=\s*AttachUserPolicy.+\$\.eventName\s*=\s*DetachUserPolicy.+\$\.eventName\s*=\s*AttachGroupPolicy.+\$\.eventName\s*=\s*DetachGroupPolicy'

checks/check35

@@ -42,6 +42,7 @@ CHECK_ASFF_TYPE_check35="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check35="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check305="check35"
 CHECK_ASFF_COMPLIANCE_TYPE_check35="ens-op.exp.8.aws.trail.1"
+CHECK_SERVICENAME_check35="cloudtrail"
 
 check35(){
   check3x '\$\.eventName\s*=\s*CreateTrail.+\$\.eventName\s*=\s*UpdateTrail.+\$\.eventName\s*=\s*DeleteTrail.+\$\.eventName\s*=\s*StartLogging.+\$\.eventName\s*=\s*StopLogging'

checks/check36

@@ -42,6 +42,7 @@ CHECK_ASFF_TYPE_check36="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check36="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check306="check36"
 CHECK_ASFF_COMPLIANCE_TYPE_check36="ens-op.exp.8.aws.trail.3"
+CHECK_SERVICENAME_check36="iam"
 
 check36(){
   check3x '\$\.eventName\s*=\s*ConsoleLogin.+\$\.errorMessage\s*=\s*"Failed authentication"'

checks/check37

@@ -34,7 +34,7 @@
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
 CHECK_ID_check37="3.7"
-CHECK_TITLE_check37="[check37] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Scored)"
+CHECK_TITLE_check37="[check37] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs (Scored)"
 CHECK_SCORED_check37="SCORED"
 CHECK_TYPE_check37="LEVEL2"
 CHECK_SEVERITY_check37="Medium"
@@ -42,6 +42,7 @@ CHECK_ASFF_TYPE_check37="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check37="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check307="check37"
 CHECK_ASFF_COMPLIANCE_TYPE_check37="ens-op.exp.11.aws.kms.1"
+CHECK_SERVICENAME_check37="kms"
 
 check37(){
   check3x '\$\.eventSource\s*=\s*kms.amazonaws.com.+\$\.eventName\s*=\s*DisableKey.+\$\.eventName\s*=\s*ScheduleKeyDeletion'

checks/check38

@@ -41,6 +41,7 @@ CHECK_SEVERITY_check38="Medium"
 CHECK_ASFF_TYPE_check38="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check38="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check308="check38"
+CHECK_SERVICENAME_check38="s3"
 
 check38(){
   check3x '\$\.eventSource\s*=\s*s3.amazonaws.com.+\$\.eventName\s*=\s*PutBucketAcl.+\$\.eventName\s*=\s*PutBucketPolicy.+\$\.eventName\s*=\s*PutBucketCors.+\$\.eventName\s*=\s*PutBucketLifecycle.+\$\.eventName\s*=\s*PutBucketReplication.+\$\.eventName\s*=\s*DeleteBucketPolicy.+\$\.eventName\s*=\s*DeleteBucketCors.+\$\.eventName\s*=\s*DeleteBucketLifecycle.+\$\.eventName\s*=\s*DeleteBucketReplication'

checks/check39

@@ -41,6 +41,7 @@ CHECK_SEVERITY_check39="Medium"
 CHECK_ASFF_TYPE_check39="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check39="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check309="check39"
+CHECK_SERVICENAME_check39="configservice"
 
 check39(){
   check3x '\$\.eventSource\s*=\s*config.amazonaws.com.+\$\.eventName\s*=\s*StopConfigurationRecorder.+\$\.eventName\s*=\s*DeleteDeliveryChannel.+\$\.eventName\s*=\s*PutDeliveryChannel.+\$\.eventName\s*=\s*PutConfigurationRecorder'

checks/check41

@@ -17,6 +17,7 @@ CHECK_ASFF_TYPE_check41="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check41="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check401="check41"
 CHECK_ASFF_COMPLIANCE_TYPE_check41="ens-mp.com.4.aws.sg.4"
+CHECK_SERVICENAME_check41="ec2"
 
 check41(){
   # "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored)"

checks/check42

@@ -17,6 +17,7 @@ CHECK_ASFF_TYPE_check42="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check42="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check402="check42"
 CHECK_ASFF_COMPLIANCE_TYPE_check42="ens-mp.com.4.aws.sg.5"
+CHECK_SERVICENAME_check42="ec2"
 
 check42(){
   # "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored)"

checks/check43

@@ -17,13 +17,14 @@ CHECK_ASFF_TYPE_check43="Software and Configuration Checks/Industry and Regulato
 CHECK_ASFF_RESOURCE_TYPE_check43="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check403="check43"
 CHECK_ASFF_COMPLIANCE_TYPE_check43="ens-mp.com.4.aws.sg.1"
+CHECK_SERVICENAME_check43="ec2"
 
 check43(){
   # "Ensure the default security group of every VPC restricts all traffic (Scored)"
   for regx in $REGIONS; do
     CHECK_SGDEFAULT_IDS=$($AWSCLI ec2 describe-security-groups $PROFILE_OPT --region $regx --filters Name=group-name,Values='default' --query 'SecurityGroups[*].GroupId[]' --output text)
     for CHECK_SGDEFAULT_ID in $CHECK_SGDEFAULT_IDS; do
-      CHECK_SGDEFAULT_ID_OPEN=$($AWSCLI ec2 describe-security-groups $PROFILE_OPT --region $regx --group-ids $CHECK_SGDEFAULT_ID --query 'SecurityGroups[*].{IpPermissions:IpPermissions,IpPermissionsEgress:IpPermissionsEgress,GroupId:GroupId}' --output text |egrep '0.0.0.0|\:\:\/0')
+      CHECK_SGDEFAULT_ID_OPEN=$($AWSCLI ec2 describe-security-groups $PROFILE_OPT --region $regx --group-ids $CHECK_SGDEFAULT_ID --query 'SecurityGroups[*].{IpPermissions:IpPermissions,IpPermissionsEgress:IpPermissionsEgress,GroupId:GroupId}' --output text |egrep ' 0.0.0.0|\:\:\/0')
       if [[ $CHECK_SGDEFAULT_ID_OPEN ]];then
         textFail "Default Security Groups ($CHECK_SGDEFAULT_ID) found that allow 0.0.0.0 IN or OUT traffic in Region $regx" "$regx"
       else

checks/check44

@@ -16,6 +16,7 @@ CHECK_SEVERITY_check44="Medium"
 CHECK_ASFF_TYPE_check44="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check44="AwsEc2Vpc"
 CHECK_ALTERNATE_check404="check44"
+CHECK_SERVICENAME_check44="vpc"
 
 check44(){
   # "Ensure routing tables for VPC peering are \"least access\" (Not Scored)"

checks/check_extra71

@@ -20,6 +20,7 @@ CHECK_ALTERNATE_extra701="extra71"
 CHECK_ALTERNATE_check71="extra71"
 CHECK_ALTERNATE_check701="extra71"
 CHECK_ASFF_COMPLIANCE_TYPE_extra71="ens-op.exp.10.aws.trail.2"
+CHECK_SERVICENAME_extra71="iam"
 
 extra71(){
   # "Ensure users of groups with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)"

checks/check_extra710

@@ -18,6 +18,7 @@ CHECK_SEVERITY_extra710="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra710="AwsEc2Instance"
 CHECK_ALTERNATE_check710="extra710"
 CHECK_ASFF_COMPLIANCE_TYPE_extra710="ens-mp.com.4.aws.vpc.1"
+CHECK_SERVICENAME_extra710="ec2"
 
 extra710(){
   # "Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark)"

checks/check_extra7100

@@ -22,6 +22,7 @@ CHECK_SEVERITY_extra7100="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra7100="AwsIamPolicy"
 CHECK_ALTERNATE_check7100="extra7100"
 CHECK_ASFF_COMPLIANCE_TYPE_extra7100="ens-op.acc.2.aws.iam.1"
+CHECK_SERVICENAME_extra7100="iam"
 
 extra7100(){
   # "Ensure that no custom policies exist which permit assuming any role (e.g. sts:AssumeRole on *)"

checks/check_extra7101

@@ -17,6 +17,7 @@ CHECK_TYPE_extra7101="EXTRA"
 CHECK_SEVERITY_extra7101="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra7101="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check7101="extra7101"
+CHECK_SERVICENAME_extra7101="es"
 
 # More info 
 # Works for  Amazon Elasticsearch Service domains (version 6.7+) with Fine Grained Access Control enabled 

checks/check_extra7102

@@ -17,6 +17,7 @@ CHECK_TYPE_extra7102="EXTRA"
 CHECK_SEVERITY_extra7102="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7102="AwsEc2Eip"
 CHECK_ALTERNATE_check7102="extra7102"
+CHECK_SERVICENAME_extra7102="ec2"
 
 # Watch out, always use Shodan API key, if you use `curl https://www.shodan.io/host/{ip}` massively 
 # your IP will be banned by Shodan

checks/check_extra7103

@@ -18,6 +18,7 @@ CHECK_TYPE_extra7103="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7103="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7103="extra7103"
 CHECK_SEVERITY_extra7103="Medium"
+CHECK_SERVICENAME_extra7103="sagemaker"
 
 extra7103(){
     for regx in ${REGIONS}; do

checks/check_extra7104

@@ -18,6 +18,7 @@ CHECK_TYPE_extra7104="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7104="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7104="extra7104"
 CHECK_SEVERITY_extra7104="Medium"
+CHECK_SERVICENAME_extra7104="sagemaker"
 
 extra7104(){
     for regx in ${REGIONS}; do

checks/check_extra7105

@@ -18,6 +18,7 @@ CHECK_TYPE_extra7105="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7105="AwsSageMakerModel"
 CHECK_ALTERNATE_check7105="extra7105"
 CHECK_SEVERITY_extra7105="Medium"
+CHECK_SERVICENAME_extra7105="sagemaker"
 	
 extra7105(){
 	for regx in ${REGIONS}; do

checks/check_extra7106

@@ -18,6 +18,7 @@ CHECK_TYPE_extra7106="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7106="AwsSageMakerModel"
 CHECK_ALTERNATE_check7106="extra7106"
 CHECK_SEVERITY_extra7106="Medium"
+CHECK_SERVICENAME_extra7106="sagemaker"
     
 extra7106(){
     for regx in ${REGIONS}; do

checks/check_extra7107

@@ -18,6 +18,7 @@ CHECK_TYPE_extra7107="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7107="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7107="extra7107"
 CHECK_SEVERITY_extra7107="Medium"
+CHECK_SERVICENAME_extra7107="sagemaker"
     
 extra7107(){
     for regx in ${REGIONS}; do

checks/check_extra7108

@@ -18,6 +18,7 @@ CHECK_TYPE_extra7108="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7108="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7108="extra7108"
 CHECK_SEVERITY_extra7108="Medium"
+CHECK_SERVICENAME_extra7108="sagemaker"
     
 extra7108(){
     for regx in ${REGIONS}; do

checks/check_extra7109

@@ -18,6 +18,7 @@ CHECK_TYPE_extra7109="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7109="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7109="extra7109"
 CHECK_SEVERITY_extra7109="Medium"
+CHECK_SERVICENAME_extra7109="sagemaker"
     
 extra7109(){
     for regx in ${REGIONS}; do

checks/check_extra711

@@ -17,6 +17,7 @@ CHECK_TYPE_extra711="EXTRA"
 CHECK_SEVERITY_extra711="High"
 CHECK_ASFF_RESOURCE_TYPE_extra711="AwsRedshiftCluster"
 CHECK_ALTERNATE_check711="extra711"
+CHECK_SERVICENAME_extra711="redshift"
 
 extra711(){
   # "Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark)"

checks/check_extra7110

@@ -18,6 +18,7 @@ CHECK_TYPE_extra7110="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7110="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7110="extra7110"
 CHECK_SEVERITY_extra7110="Medium"
+CHECK_SERVICENAME_extra7110="sagemaker"
     
 extra7110(){
     for regx in ${REGIONS}; do

checks/check_extra7111

@@ -18,6 +18,7 @@ CHECK_TYPE_extra7111="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7111="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7111="extra7111"
 CHECK_SEVERITY_extra7111="Medium"
+CHECK_SERVICENAME_extra7111="sagemaker"
 
 extra7111(){
     for regx in ${REGIONS}; do

checks/check_extra7112

@@ -18,6 +18,7 @@ CHECK_TYPE_extra7112="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7112="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7112="extra7112"
 CHECK_SEVERITY_extra7112="Medium"
+CHECK_SERVICENAME_extra7112="sagemaker"
 
 extra7112(){
     for regx in ${REGIONS}; do

checks/check_extra7113

@@ -29,6 +29,7 @@ CHECK_TYPE_extra7113="EXTRA"
 CHECK_SEVERITY_extra7113="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7113="AwsRdsDbInstance"
 CHECK_ALTERNATE_check7113="extra7113"
+CHECK_SERVICENAME_extra7113="rds"
 
 extra7113(){
   textInfo "Looking for RDS Volumes in all regions...  "

checks/check_extra7114

@@ -18,6 +18,7 @@ CHECK_TYPE_extra7114="EXTRA"
 CHECK_SEVERITY_extra7114="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7114="AwsGlue"
 CHECK_ALTERNATE_check7114="extra7114"
+CHECK_SERVICENAME_extra7114="glue"
 
 extra7114(){
   for regx in $REGIONS; do

checks/check_extra7115

@@ -17,6 +17,7 @@ CHECK_TYPE_extra7115="EXTRA"
 CHECK_SEVERITY_extra7115="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7115="AwsGlue"
 CHECK_ALTERNATE_check7115="extra7115"
+CHECK_SERVICENAME_extra7115="glue"
 
 extra7115(){
   for regx in $REGIONS; do

checks/check_extra7116

@@ -17,6 +17,7 @@ CHECK_TYPE_extra7116="EXTRA"
 CHECK_SEVERITY_extra7116="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7116="AwsGlue"
 CHECK_ALTERNATE_check7116="extra7116"
+CHECK_SERVICENAME_extra7116="glue"
 
 extra7116(){
   for regx in $REGIONS; do

checks/check_extra7117

@@ -17,6 +17,7 @@ CHECK_TYPE_extra7117="EXTRA"
 CHECK_SEVERITY_extra7117="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7117="AwsGlue"
 CHECK_ALTERNATE_check7117="extra7117"
+CHECK_SERVICENAME_extra7117="glue"
 
 extra7117(){
   for regx in $REGIONS; do

checks/check_extra7118

@@ -17,6 +17,7 @@ CHECK_TYPE_extra7118="EXTRA"
 CHECK_SEVERITY_extra7118="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7118="AwsGlue"
 CHECK_ALTERNATE_check7118="extra7118"
+CHECK_SERVICENAME_extra7118="glue"
 
 extra7118(){
   for regx in $REGIONS; do

checks/check_extra7119

@@ -18,6 +18,7 @@ CHECK_TYPE_extra7119="EXTRA"
 CHECK_SEVERITY_extra7119="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7119="AwsGlue"
 CHECK_ALTERNATE_check7119="extra7119"
+CHECK_SERVICENAME_extra7119="glue"
 
 extra7119(){
   for regx in $REGIONS; do

checks/check_extra712

@@ -16,6 +16,8 @@ CHECK_SCORED_extra712="NOT_SCORED"
 CHECK_TYPE_extra712="EXTRA"
 CHECK_SEVERITY_extra712="Low"
 CHECK_ALTERNATE_check712="extra712"
+CHECK_ASFF_RESOURCE_TYPE_extra712="AwsMacieSession"
+CHECK_SERVICENAME_extra712="macie"
 
  extra712(){ 
    textInfo "No API commands available to check if Macie is enabled," 

checks/check_extra7120

@@ -17,6 +17,7 @@ CHECK_TYPE_extra7120="EXTRA"
 CHECK_SEVERITY_extra7120="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7120="AwsGlue"
 CHECK_ALTERNATE_check7120="extra7120"
+CHECK_SERVICENAME_extra7120="glue"
 
 extra7120(){
   for regx in $REGIONS; do

checks/check_extra7121

@@ -18,6 +18,7 @@ CHECK_TYPE_extra7121="EXTRA"
 CHECK_SEVERITY_extra7121="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7121="AwsGlue"
 CHECK_ALTERNATE_check7121="extra7121"
+CHECK_SERVICENAME_extra7121="glue"
 
 extra7121(){
   for regx in $REGIONS; do

checks/check_extra7122

@@ -17,6 +17,7 @@ CHECK_TYPE_extra7122="EXTRA"
 CHECK_SEVERITY_extra7122="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7122="AwsGlue"
 CHECK_ALTERNATE_check7122="extra7122"
+CHECK_SERVICENAME_extra7122="glue"
 
 extra7122(){
   for regx in $REGIONS; do

checks/check_extra7123

@@ -19,6 +19,7 @@ CHECK_ASFF_TYPE_extra7123="Software and Configuration Checks/Industry and Regula
 CHECK_ASFF_RESOURCE_TYPE_extra7123="AwsIamUser"
 CHECK_ALTERNATE_check7123="extra7123"
 CHECK_ASFF_COMPLIANCE_TYPE_extra7123="ens-op.acc.1.aws.iam.2"
+CHECK_SERVICENAME_extra7123="iam"
 
 extra7123(){
   LIST_OF_USERS_WITH_2ACCESS_KEYS=$(cat $TEMP_REPORT_FILE| awk -F, '{ print $1, $9, $14 }' |grep "\ true\ true" | awk '{ print $1 }')

checks/check_extra7124

@@ -17,7 +17,8 @@ CHECK_TYPE_extra7124="EXTRA"
 CHECK_SEVERITY_extra7124="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7124="AwsEc2Instance"
 CHECK_ALTERNATE_check7124="extra7124"
-CHECK_ASFF_COMPLIANCE_TYPE_extra7124="ens-op.exp.1.aws.sys.1,ens-op.acc.4.aws.sys.1"
+CHECK_ASFF_COMPLIANCE_TYPE_extra7124="ens-op.exp.1.aws.sys.1 ens-op.acc.4.aws.sys.1"
+CHECK_SERVICENAME_extra7124="ssm"
 
 extra7124(){
   for regx in $REGIONS; do
@@ -40,4 +41,4 @@ extra7124(){
       textInfo "$regx: No EC2 instances running found" "$regx"
     fi
   done
-}
+}

checks/check_extra7125

@@ -18,6 +18,7 @@ CHECK_SEVERITY_extra7125="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7125="AwsIamUser"
 CHECK_ALTERNATE_check7125="extra7125"
 CHECK_ASFF_COMPLIANCE_TYPE_extra7125="ens-op.acc.5.aws.iam.2"
+CHECK_SERVICENAME_extra7125="iam"
 
 extra7125(){
   LIST_USERS=$($AWSCLI iam list-users --query 'Users[*].UserName' --output text $PROFILE_OPT --region $REGION)

checks/check_extra7126

@@ -18,6 +18,7 @@ CHECK_SEVERITY_extra7126="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7126="AwsKmsKey"
 CHECK_ALTERNATE_check7126="extra7126"
 CHECK_ASFF_COMPLIANCE_TYPE_extra7126="op.exp.11.aws.kms.2"
+CHECK_SERVICENAME_extra7126="kms"
 
 extra7126(){
   for regx in $REGIONS; do

checks/check_extra7127

@@ -18,7 +18,8 @@ CHECK_SEVERITY_extra7127="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7127="AwsEc2Instance"
 CHECK_ASFF_TYPE_extra7127="Software and Configuration Checks/ENS op.exp.4.aws.sys.1"
 CHECK_ALTERNATE_check7127="extra7127"
-CHECK_ASFF_COMPLIANCE_TYPE_extra7127="ens-op.exp.1.aws.sys.1,ens-op.exp.4.aws.sys.1"
+CHECK_ASFF_COMPLIANCE_TYPE_extra7127="ens-op.exp.1.aws.sys.1 ens-op.exp.4.aws.sys.1"
+CHECK_SERVICENAME_extra7127="ssm"
 
 
 extra7127(){
@@ -40,4 +41,4 @@ extra7127(){
       textInfo "$regx: No EC2 managed instances found" "$regx"
     fi
   done
-}
+}

checks/check_extra7128

@@ -18,6 +18,7 @@ CHECK_SEVERITY_extra7128="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7128="AwsDynamoDBTable"
 CHECK_ALTERNATE_check7128="extra7128"
 CHECK_ASFF_COMPLIANCE_TYPE_extra7128="ens-mp.info.3.aws.dyndb.1"
+CHECK_SERVICENAME_extra7128="dynamodb"
 
 extra7128(){
   for regx in $REGIONS; do

checks/check_extra7129

@@ -18,6 +18,7 @@ CHECK_SEVERITY_extra7129="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7129="AwsElasticLoadBalancingV2LoadBalancer"
 CHECK_ALTERNATE_check7129="extra7129"
 CHECK_ASFF_COMPLIANCE_TYPE_extra7129="ens-mp.s.2.aws.waf.3"
+CHECK_SERVICENAME_extra7129="elb"
 
 extra7129(){
   for regx in $REGIONS; do

checks/check_extra713

@@ -17,6 +17,8 @@ CHECK_TYPE_extra713="EXTRA"
 CHECK_SEVERITY_extra713="High"
 CHECK_ALTERNATE_check713="extra713"
 CHECK_ASFF_COMPLIANCE_TYPE_extra713="ens-op.mon.1.aws.duty.1"
+CHECK_ASFF_RESOURCE_TYPE_extra713="AwsGuardDutyDetector"
+CHECK_SERVICENAME_extra713="guardduty"
 
 extra713(){
   # "Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)"

checks/check_extra7130

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+
+CHECK_ID_extra7130="7.130"
+CHECK_TITLE_extra7130="[extra7130] Ensure there are no SNS Topics unencrypted"
+CHECK_SCORED_extra7130="NOT_SCORED"
+CHECK_TYPE_extra7130="EXTRA"
+CHECK_SEVERITY_extra7130="Medium"
+CHECK_ASFF_RESOURCE_TYPE_extra7130="AwsSnsTopic"
+CHECK_ALTERNATE_check7130="extra7130"
+CHECK_SERVICENAME_extra7130="sns"
+
+extra7130(){
+  textInfo "Looking for SNS Topics in all regions...  "
+  for regx in $REGIONS; do
+    LIST_SNS=$($AWSCLI sns list-topics $PROFILE_OPT --region $regx --query 'Topics[*].TopicArn' --output text)
+    if [[ $LIST_SNS ]];then
+      for topic in $LIST_SNS; do
+        SHORT_TOPIC=$(echo $topic | awk -F ":" '{print $NF}')
+        SNS_ENCRYPTION=$($AWSCLI sns get-topic-attributes $PROFILE_OPT --region $regx --topic-arn $topic --query 'Attributes.KmsMasterKeyId' --output text)
+        if [[ "None" == $SNS_ENCRYPTION ]]; then
+          textFail "$regx: $SHORT_TOPIC is not encrypted!" "$regx"
+        else
+          textPass "$regx: $SHORT_TOPIC is encrypted" "$regx"
+        fi
+      done
+    else
+      textInfo "$regx: No SNS topic found" "$regx"
+    fi
+  done
+}

checks/check_extra7131

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra7131="7.131"
+CHECK_TITLE_extra7131="[extra7131] Ensure RDS instances have minor version upgrade enabled"
+CHECK_SCORED_extra7131="NOT_SCORED"
+CHECK_TYPE_extra7131="EXTRA"
+CHECK_SEVERITY_extra7131="Low"
+CHECK_ASFF_RESOURCE_TYPE_extra7131="AwsRdsDbInstance"
+CHECK_ALTERNATE_check7131="extra7131"
+CHECK_SERVICENAME_extra7131="rds"
+
+extra7131(){
+  for regx in $REGIONS; do
+    # LIST_OF_RDS_PUBLIC_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query 'DBInstances[?PubliclyAccessible==`true` && DBInstanceStatus==`"available"`].[DBInstanceIdentifier,Endpoint.Address]' --output text)
+    LIST_OF_RDS_INSTANCES=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --query 'DBInstances[*].[DBInstanceIdentifier,AutoMinorVersionUpgrade]'  --output text)
+    if [[ $LIST_OF_RDS_INSTANCES ]];then
+      while read -r rds_instance;do
+        RDS_NAME=$(echo $rds_instance | awk '{ print $1; }')
+        RDS_AUTOMINORUPGRADE_FLAG=$(echo $rds_instance | awk '{ print $2; }')
+        if [[ $RDS_AUTOMINORUPGRADE_FLAG == "True" ]];then 
+            textPass "$regx: RDS instance: $RDS_NAME is has minor version upgrade enabled" "$regx"
+        else
+            textFail "$regx: RDS instance: $RDS_NAME does not have minor version upgrade enabled" "$regx"
+        fi
+      done <<< "$LIST_OF_RDS_INSTANCES"
+      else
+        textInfo "$regx: no RDS instances found" "$regx"
+    fi
+  done
+}

checks/check_extra714

@@ -17,6 +17,7 @@ CHECK_TYPE_extra714="EXTRA"
 CHECK_SEVERITY_extra714="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra714="AwsCloudFrontDistribution"
 CHECK_ALTERNATE_check714="extra714"
+CHECK_SERVICENAME_extra714="cloudfront"
 
 extra714(){
   # "Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)"

checks/check_extra715

@@ -17,6 +17,7 @@ CHECK_TYPE_extra715="EXTRA"
 CHECK_SEVERITY_extra715="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra715="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check715="extra715"
+CHECK_SERVICENAME_extra715="es"
 
 extra715(){
   for regx in $REGIONS; do

checks/check_extra716

@@ -17,6 +17,7 @@ CHECK_TYPE_extra716="EXTRA"
 CHECK_SEVERITY_extra716="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra716="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check716="extra716"
+CHECK_SERVICENAME_extra716="es"
 
 extra716(){
   for regx in $REGIONS; do

checks/check_extra717

@@ -17,6 +17,7 @@ CHECK_TYPE_extra717="EXTRA"
 CHECK_SEVERITY_extra717="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra717="AwsElbLoadBalancer"
 CHECK_ALTERNATE_check717="extra717"
+CHECK_SERVICENAME_extra717="elb"
 
 extra717(){
   # "Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)"

checks/check_extra718

@@ -17,6 +17,7 @@ CHECK_TYPE_extra718="EXTRA"
 CHECK_SEVERITY_extra718="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra718="AwsS3Bucket"
 CHECK_ALTERNATE_check718="extra718"
+CHECK_SERVICENAME_extra718="s3"
 
 extra718(){
   # "Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)"

checks/check_extra719

@@ -16,6 +16,8 @@ CHECK_SCORED_extra719="NOT_SCORED"
 CHECK_TYPE_extra719="EXTRA"
 CHECK_SEVERITY_extra719="Medium"
 CHECK_ALTERNATE_check719="extra719"
+CHECK_ASFF_RESOURCE_TYPE_extra719="AwsRoute53HostedZone"
+CHECK_SERVICENAME_extra719="route53"
 
 extra719(){
   # You can't create a query logging config for a private hosted zone.

checks/check_extra72

@@ -19,6 +19,7 @@ CHECK_ASFF_RESOURCE_TYPE_extra72="AwsEc2Snapshot"
 CHECK_ALTERNATE_extra702="extra72"
 CHECK_ALTERNATE_check72="extra72"
 CHECK_ALTERNATE_check702="extra72"
+CHECK_SERVICENAME_check72="ec2"
 
 extra72(){
   # "Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)"

checks/check_extra720

@@ -17,6 +17,7 @@ CHECK_TYPE_extra720="EXTRA"
 CHECK_SEVERITY_extra720="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra720="AwsLambdaFunction"
 CHECK_ALTERNATE_check720="extra720"
+CHECK_SERVICENAME_extra720="lambda"
 
 extra720(){
   # "Check if Lambda functions invoke API operations are being recorded by CloudTrail (Not Scored) (Not part of CIS benchmark)"

checks/check_extra721

@@ -17,6 +17,7 @@ CHECK_TYPE_extra721="EXTRA"
 CHECK_SEVERITY_extra721="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra721="AwsRedshiftCluster"
 CHECK_ALTERNATE_check721="extra721"
+CHECK_SERVICENAME_extra721="redshift"
 
 extra721(){
   # "Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)"

checks/check_extra722

@@ -17,6 +17,7 @@ CHECK_TYPE_extra722="EXTRA"
 CHECK_SEVERITY_extra722="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra722="AwsApiGatewayRestApi"
 CHECK_ALTERNATE_check722="extra722"
+CHECK_SERVICENAME_extra722="apigateway"
 
 extra722(){
   # "Check if API Gateway has logging enabled (Not Scored) (Not part of CIS benchmark)"

checks/check_extra723

@@ -17,6 +17,7 @@ CHECK_TYPE_extra723="EXTRA"
 CHECK_SEVERITY_extra723="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra723="AwsRdsDbSnapshot"
 CHECK_ALTERNATE_check723="extra723"
+CHECK_SERVICENAME_extra723="rds"
 
 extra723(){
   # "Check if RDS Snapshots are public (Not Scored) (Not part of CIS benchmark)"

checks/check_extra724

@@ -17,6 +17,7 @@ CHECK_TYPE_extra724="EXTRA"
 CHECK_SEVERITY_extra724="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra724="AwsCertificateManagerCertificate"
 CHECK_ALTERNATE_check724="extra724"
+CHECK_SERVICENAME_extra724="acm"
 
 extra724(){
   # "Check if ACM certificates have Certificate Transparency logging enabled (Not Scored) (Not part of CIS benchmark)"

checks/check_extra725

@@ -18,6 +18,8 @@ CHECK_TYPE_extra725="EXTRA"
 CHECK_SEVERITY_extra725="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra725="AwsS3Bucket"
 CHECK_ALTERNATE_check725="extra725"
+CHECK_SERVICENAME_extra725="s3"
+
 
 # per Object-level logging is not configured at Bucket level but at CloudTrail trail level
 extra725(){

checks/check_extra726

@@ -17,6 +17,7 @@ CHECK_SCORED_extra726="NOT_SCORED"
 CHECK_TYPE_extra726="EXTRA"
 CHECK_SEVERITY_extra726="Medium"
 CHECK_ALTERNATE_check726="extra726"
+CHECK_SERVICENAME_extra726="trustedadvisor"
 
 extra726(){
   trap "exit" INT