diff --git a/providers_old/aws/checks/accessanalyzer/check_extra769 b/providers/aws/services/accessanalyzer/check_extra769 similarity index 100% rename from providers_old/aws/checks/accessanalyzer/check_extra769 rename to providers/aws/services/accessanalyzer/check_extra769 diff --git a/providers_old/aws/checks/acm/check_extra724 b/providers/aws/services/acm/check_extra724 similarity index 100% rename from providers_old/aws/checks/acm/check_extra724 rename to providers/aws/services/acm/check_extra724 diff --git a/providers_old/aws/checks/acm/check_extra730 b/providers/aws/services/acm/check_extra730 similarity index 100% rename from providers_old/aws/checks/acm/check_extra730 rename to providers/aws/services/acm/check_extra730 diff --git a/providers_old/aws/checks/apigateway/check_extra7156 b/providers/aws/services/apigateway/check_extra7156 similarity index 100% rename from providers_old/aws/checks/apigateway/check_extra7156 rename to providers/aws/services/apigateway/check_extra7156 diff --git a/providers_old/aws/checks/apigateway/check_extra7157 b/providers/aws/services/apigateway/check_extra7157 similarity index 100% rename from providers_old/aws/checks/apigateway/check_extra7157 rename to providers/aws/services/apigateway/check_extra7157 diff --git a/providers_old/aws/checks/apigateway/check_extra722 b/providers/aws/services/apigateway/check_extra722 similarity index 100% rename from providers_old/aws/checks/apigateway/check_extra722 rename to providers/aws/services/apigateway/check_extra722 diff --git a/providers_old/aws/checks/apigateway/check_extra743 b/providers/aws/services/apigateway/check_extra743 similarity index 100% rename from providers_old/aws/checks/apigateway/check_extra743 rename to providers/aws/services/apigateway/check_extra743 diff --git a/providers_old/aws/checks/apigateway/check_extra744 b/providers/aws/services/apigateway/check_extra744 similarity index 100% rename from providers_old/aws/checks/apigateway/check_extra744 rename to providers/aws/services/apigateway/check_extra744 diff --git a/providers_old/aws/checks/apigateway/check_extra745 b/providers/aws/services/apigateway/check_extra745 similarity index 100% rename from providers_old/aws/checks/apigateway/check_extra745 rename to providers/aws/services/apigateway/check_extra745 diff --git a/providers_old/aws/checks/apigateway/check_extra746 b/providers/aws/services/apigateway/check_extra746 similarity index 100% rename from providers_old/aws/checks/apigateway/check_extra746 rename to providers/aws/services/apigateway/check_extra746 diff --git a/providers_old/aws/checks/autoscaling/check_extra775 b/providers/aws/services/autoscaling/check_extra775 similarity index 100% rename from providers_old/aws/checks/autoscaling/check_extra775 rename to providers/aws/services/autoscaling/check_extra775 diff --git a/providers_old/aws/checks/cloudformation/check_extra7154 b/providers/aws/services/cloudformation/check_extra7154 similarity index 100% rename from providers_old/aws/checks/cloudformation/check_extra7154 rename to providers/aws/services/cloudformation/check_extra7154 diff --git a/providers_old/aws/checks/cloudformation/check_extra742 b/providers/aws/services/cloudformation/check_extra742 similarity index 100% rename from providers_old/aws/checks/cloudformation/check_extra742 rename to providers/aws/services/cloudformation/check_extra742 diff --git a/providers_old/aws/checks/cloudfront/check_extra714 b/providers/aws/services/cloudfront/check_extra714 similarity index 100% rename from providers_old/aws/checks/cloudfront/check_extra714 rename to providers/aws/services/cloudfront/check_extra714 diff --git a/providers_old/aws/checks/cloudfront/check_extra732 b/providers/aws/services/cloudfront/check_extra732 similarity index 100% rename from providers_old/aws/checks/cloudfront/check_extra732 rename to providers/aws/services/cloudfront/check_extra732 diff --git a/providers_old/aws/checks/cloudfront/check_extra738 b/providers/aws/services/cloudfront/check_extra738 similarity index 100% rename from providers_old/aws/checks/cloudfront/check_extra738 rename to providers/aws/services/cloudfront/check_extra738 diff --git a/providers_old/aws/checks/cloudfront/check_extra767 b/providers/aws/services/cloudfront/check_extra767 similarity index 100% rename from providers_old/aws/checks/cloudfront/check_extra767 rename to providers/aws/services/cloudfront/check_extra767 diff --git a/providers_old/aws/checks/cloudfront/check_extra773 b/providers/aws/services/cloudfront/check_extra773 similarity index 100% rename from providers_old/aws/checks/cloudfront/check_extra773 rename to providers/aws/services/cloudfront/check_extra773 diff --git a/providers_old/aws/checks/cloudfront/check_extra791 b/providers/aws/services/cloudfront/check_extra791 similarity index 100% rename from providers_old/aws/checks/cloudfront/check_extra791 rename to providers/aws/services/cloudfront/check_extra791 diff --git a/providers_old/aws/checks/cloudtrail/check21 b/providers/aws/services/cloudtrail/check21 similarity index 100% rename from providers_old/aws/checks/cloudtrail/check21 rename to providers/aws/services/cloudtrail/check21 diff --git a/providers_old/aws/checks/cloudtrail/check22 b/providers/aws/services/cloudtrail/check22 similarity index 100% rename from providers_old/aws/checks/cloudtrail/check22 rename to providers/aws/services/cloudtrail/check22 diff --git a/providers_old/aws/checks/cloudtrail/check23 b/providers/aws/services/cloudtrail/check23 similarity index 100% rename from providers_old/aws/checks/cloudtrail/check23 rename to providers/aws/services/cloudtrail/check23 diff --git a/providers_old/aws/checks/cloudtrail/check24 b/providers/aws/services/cloudtrail/check24 similarity index 100% rename from providers_old/aws/checks/cloudtrail/check24 rename to providers/aws/services/cloudtrail/check24 diff --git a/providers_old/aws/checks/cloudtrail/check27 b/providers/aws/services/cloudtrail/check27 similarity index 100% rename from providers_old/aws/checks/cloudtrail/check27 rename to providers/aws/services/cloudtrail/check27 diff --git a/providers_old/aws/checks/cloudtrail/check35 b/providers/aws/services/cloudtrail/check35 similarity index 100% rename from providers_old/aws/checks/cloudtrail/check35 rename to providers/aws/services/cloudtrail/check35 diff --git a/providers_old/aws/checks/cloudwatch/check_extra7144 b/providers/aws/services/cloudwatch/check_extra7144 similarity index 100% rename from providers_old/aws/checks/cloudwatch/check_extra7144 rename to providers/aws/services/cloudwatch/check_extra7144 diff --git a/providers_old/aws/checks/cloudwatch/check_extra7162 b/providers/aws/services/cloudwatch/check_extra7162 similarity index 100% rename from providers_old/aws/checks/cloudwatch/check_extra7162 rename to providers/aws/services/cloudwatch/check_extra7162 diff --git a/providers_old/aws/checks/cloudwatch/check_extra7164 b/providers/aws/services/cloudwatch/check_extra7164 similarity index 100% rename from providers_old/aws/checks/cloudwatch/check_extra7164 rename to providers/aws/services/cloudwatch/check_extra7164 diff --git a/providers_old/aws/checks/codebuild/check_extra7174 b/providers/aws/services/codebuild/check_extra7174 similarity index 100% rename from providers_old/aws/checks/codebuild/check_extra7174 rename to providers/aws/services/codebuild/check_extra7174 diff --git a/providers_old/aws/checks/codebuild/check_extra7175 b/providers/aws/services/codebuild/check_extra7175 similarity index 100% rename from providers_old/aws/checks/codebuild/check_extra7175 rename to providers/aws/services/codebuild/check_extra7175 diff --git a/providers_old/aws/checks/config/check25 b/providers/aws/services/config/check25 similarity index 100% rename from providers_old/aws/checks/config/check25 rename to providers/aws/services/config/check25 diff --git a/providers_old/aws/checks/config/check39 b/providers/aws/services/config/check39 similarity index 100% rename from providers_old/aws/checks/config/check39 rename to providers/aws/services/config/check39 diff --git a/providers_old/aws/checks/custom/custom-defined-check/custom-defined-check.sh b/providers/aws/services/custom/custom-defined-check/custom-defined-check.sh similarity index 100% rename from providers_old/aws/checks/custom/custom-defined-check/custom-defined-check.sh rename to providers/aws/services/custom/custom-defined-check/custom-defined-check.sh diff --git a/providers_old/aws/checks/custom/sample-check/sample-check.sh b/providers/aws/services/custom/sample-check/sample-check.sh similarity index 100% rename from providers_old/aws/checks/custom/sample-check/sample-check.sh rename to providers/aws/services/custom/sample-check/sample-check.sh diff --git a/providers_old/aws/checks/dynamodb/check_extra7128 b/providers/aws/services/dynamodb/check_extra7128 similarity index 100% rename from providers_old/aws/checks/dynamodb/check_extra7128 rename to providers/aws/services/dynamodb/check_extra7128 diff --git a/providers_old/aws/checks/dynamodb/check_extra7151 b/providers/aws/services/dynamodb/check_extra7151 similarity index 100% rename from providers_old/aws/checks/dynamodb/check_extra7151 rename to providers/aws/services/dynamodb/check_extra7151 diff --git a/providers_old/aws/checks/dynamodb/check_extra7165 b/providers/aws/services/dynamodb/check_extra7165 similarity index 100% rename from providers_old/aws/checks/dynamodb/check_extra7165 rename to providers/aws/services/dynamodb/check_extra7165 diff --git a/providers_old/aws/checks/ec2/check119 b/providers/aws/services/ec2/check119 similarity index 100% rename from providers_old/aws/checks/ec2/check119 rename to providers/aws/services/ec2/check119 diff --git a/providers_old/aws/checks/ec2/check310 b/providers/aws/services/ec2/check310 similarity index 100% rename from providers_old/aws/checks/ec2/check310 rename to providers/aws/services/ec2/check310 diff --git a/providers_old/aws/checks/ec2/check41 b/providers/aws/services/ec2/check41 similarity index 100% rename from providers_old/aws/checks/ec2/check41 rename to providers/aws/services/ec2/check41 diff --git a/providers_old/aws/checks/ec2/check42 b/providers/aws/services/ec2/check42 similarity index 100% rename from providers_old/aws/checks/ec2/check42 rename to providers/aws/services/ec2/check42 diff --git a/providers_old/aws/checks/ec2/check43 b/providers/aws/services/ec2/check43 similarity index 100% rename from providers_old/aws/checks/ec2/check43 rename to providers/aws/services/ec2/check43 diff --git a/providers_old/aws/checks/ec2/check45 b/providers/aws/services/ec2/check45 similarity index 100% rename from providers_old/aws/checks/ec2/check45 rename to providers/aws/services/ec2/check45 diff --git a/providers_old/aws/checks/ec2/check46 b/providers/aws/services/ec2/check46 similarity index 100% rename from providers_old/aws/checks/ec2/check46 rename to providers/aws/services/ec2/check46 diff --git a/providers_old/aws/checks/ec2/check_extra710 b/providers/aws/services/ec2/check_extra710 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra710 rename to providers/aws/services/ec2/check_extra710 diff --git a/providers_old/aws/checks/ec2/check_extra7102 b/providers/aws/services/ec2/check_extra7102 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra7102 rename to providers/aws/services/ec2/check_extra7102 diff --git a/providers_old/aws/checks/ec2/check_extra7134 b/providers/aws/services/ec2/check_extra7134 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra7134 rename to providers/aws/services/ec2/check_extra7134 diff --git a/providers_old/aws/checks/ec2/check_extra7135 b/providers/aws/services/ec2/check_extra7135 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra7135 rename to providers/aws/services/ec2/check_extra7135 diff --git a/providers_old/aws/checks/ec2/check_extra7136 b/providers/aws/services/ec2/check_extra7136 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra7136 rename to providers/aws/services/ec2/check_extra7136 diff --git a/providers_old/aws/checks/ec2/check_extra7137 b/providers/aws/services/ec2/check_extra7137 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra7137 rename to providers/aws/services/ec2/check_extra7137 diff --git a/providers_old/aws/checks/ec2/check_extra7138 b/providers/aws/services/ec2/check_extra7138 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra7138 rename to providers/aws/services/ec2/check_extra7138 diff --git a/providers_old/aws/checks/ec2/check_extra7146 b/providers/aws/services/ec2/check_extra7146 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra7146 rename to providers/aws/services/ec2/check_extra7146 diff --git a/providers_old/aws/checks/ec2/check_extra7173 b/providers/aws/services/ec2/check_extra7173 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra7173 rename to providers/aws/services/ec2/check_extra7173 diff --git a/providers_old/aws/checks/ec2/check_extra72 b/providers/aws/services/ec2/check_extra72 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra72 rename to providers/aws/services/ec2/check_extra72 diff --git a/providers_old/aws/checks/ec2/check_extra729 b/providers/aws/services/ec2/check_extra729 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra729 rename to providers/aws/services/ec2/check_extra729 diff --git a/providers_old/aws/checks/ec2/check_extra74 b/providers/aws/services/ec2/check_extra74 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra74 rename to providers/aws/services/ec2/check_extra74 diff --git a/providers_old/aws/checks/ec2/check_extra740 b/providers/aws/services/ec2/check_extra740 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra740 rename to providers/aws/services/ec2/check_extra740 diff --git a/providers_old/aws/checks/ec2/check_extra741 b/providers/aws/services/ec2/check_extra741 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra741 rename to providers/aws/services/ec2/check_extra741 diff --git a/providers_old/aws/checks/ec2/check_extra748 b/providers/aws/services/ec2/check_extra748 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra748 rename to providers/aws/services/ec2/check_extra748 diff --git a/providers_old/aws/checks/ec2/check_extra749 b/providers/aws/services/ec2/check_extra749 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra749 rename to providers/aws/services/ec2/check_extra749 diff --git a/providers_old/aws/checks/ec2/check_extra75 b/providers/aws/services/ec2/check_extra75 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra75 rename to providers/aws/services/ec2/check_extra75 diff --git a/providers_old/aws/checks/ec2/check_extra750 b/providers/aws/services/ec2/check_extra750 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra750 rename to providers/aws/services/ec2/check_extra750 diff --git a/providers_old/aws/checks/ec2/check_extra751 b/providers/aws/services/ec2/check_extra751 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra751 rename to providers/aws/services/ec2/check_extra751 diff --git a/providers_old/aws/checks/ec2/check_extra752 b/providers/aws/services/ec2/check_extra752 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra752 rename to providers/aws/services/ec2/check_extra752 diff --git a/providers_old/aws/checks/ec2/check_extra753 b/providers/aws/services/ec2/check_extra753 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra753 rename to providers/aws/services/ec2/check_extra753 diff --git a/providers_old/aws/checks/ec2/check_extra754 b/providers/aws/services/ec2/check_extra754 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra754 rename to providers/aws/services/ec2/check_extra754 diff --git a/providers_old/aws/checks/ec2/check_extra755 b/providers/aws/services/ec2/check_extra755 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra755 rename to providers/aws/services/ec2/check_extra755 diff --git a/providers_old/aws/checks/ec2/check_extra757 b/providers/aws/services/ec2/check_extra757 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra757 rename to providers/aws/services/ec2/check_extra757 diff --git a/providers_old/aws/checks/ec2/check_extra758 b/providers/aws/services/ec2/check_extra758 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra758 rename to providers/aws/services/ec2/check_extra758 diff --git a/providers_old/aws/checks/ec2/check_extra76 b/providers/aws/services/ec2/check_extra76 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra76 rename to providers/aws/services/ec2/check_extra76 diff --git a/providers_old/aws/checks/ec2/check_extra761 b/providers/aws/services/ec2/check_extra761 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra761 rename to providers/aws/services/ec2/check_extra761 diff --git a/providers_old/aws/checks/ec2/check_extra770 b/providers/aws/services/ec2/check_extra770 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra770 rename to providers/aws/services/ec2/check_extra770 diff --git a/providers_old/aws/checks/ec2/check_extra772 b/providers/aws/services/ec2/check_extra772 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra772 rename to providers/aws/services/ec2/check_extra772 diff --git a/providers_old/aws/checks/ec2/check_extra777 b/providers/aws/services/ec2/check_extra777 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra777 rename to providers/aws/services/ec2/check_extra777 diff --git a/providers_old/aws/checks/ec2/check_extra778 b/providers/aws/services/ec2/check_extra778 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra778 rename to providers/aws/services/ec2/check_extra778 diff --git a/providers_old/aws/checks/ec2/check_extra779 b/providers/aws/services/ec2/check_extra779 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra779 rename to providers/aws/services/ec2/check_extra779 diff --git a/providers_old/aws/checks/ec2/check_extra786 b/providers/aws/services/ec2/check_extra786 similarity index 100% rename from providers_old/aws/checks/ec2/check_extra786 rename to providers/aws/services/ec2/check_extra786 diff --git a/providers_old/aws/checks/ecr/check_extra765 b/providers/aws/services/ecr/check_extra765 similarity index 100% rename from providers_old/aws/checks/ecr/check_extra765 rename to providers/aws/services/ecr/check_extra765 diff --git a/providers_old/aws/checks/ecr/check_extra77 b/providers/aws/services/ecr/check_extra77 similarity index 100% rename from providers_old/aws/checks/ecr/check_extra77 rename to providers/aws/services/ecr/check_extra77 diff --git a/providers_old/aws/checks/ecr/check_extra776 b/providers/aws/services/ecr/check_extra776 similarity index 100% rename from providers_old/aws/checks/ecr/check_extra776 rename to providers/aws/services/ecr/check_extra776 diff --git a/providers_old/aws/checks/ecs/check_extra768 b/providers/aws/services/ecs/check_extra768 similarity index 100% rename from providers_old/aws/checks/ecs/check_extra768 rename to providers/aws/services/ecs/check_extra768 diff --git a/providers_old/aws/checks/efs/check_extra7143 b/providers/aws/services/efs/check_extra7143 similarity index 100% rename from providers_old/aws/checks/efs/check_extra7143 rename to providers/aws/services/efs/check_extra7143 diff --git a/providers_old/aws/checks/efs/check_extra7148 b/providers/aws/services/efs/check_extra7148 similarity index 100% rename from providers_old/aws/checks/efs/check_extra7148 rename to providers/aws/services/efs/check_extra7148 diff --git a/providers_old/aws/checks/efs/check_extra7161 b/providers/aws/services/efs/check_extra7161 similarity index 100% rename from providers_old/aws/checks/efs/check_extra7161 rename to providers/aws/services/efs/check_extra7161 diff --git a/providers_old/aws/checks/eks/check_extra794 b/providers/aws/services/eks/check_extra794 similarity index 100% rename from providers_old/aws/checks/eks/check_extra794 rename to providers/aws/services/eks/check_extra794 diff --git a/providers_old/aws/checks/eks/check_extra795 b/providers/aws/services/eks/check_extra795 similarity index 100% rename from providers_old/aws/checks/eks/check_extra795 rename to providers/aws/services/eks/check_extra795 diff --git a/providers_old/aws/checks/eks/check_extra796 b/providers/aws/services/eks/check_extra796 similarity index 100% rename from providers_old/aws/checks/eks/check_extra796 rename to providers/aws/services/eks/check_extra796 diff --git a/providers_old/aws/checks/eks/check_extra797 b/providers/aws/services/eks/check_extra797 similarity index 100% rename from providers_old/aws/checks/eks/check_extra797 rename to providers/aws/services/eks/check_extra797 diff --git a/providers_old/aws/checks/elb/check_extra7129 b/providers/aws/services/elb/check_extra7129 similarity index 100% rename from providers_old/aws/checks/elb/check_extra7129 rename to providers/aws/services/elb/check_extra7129 diff --git a/providers_old/aws/checks/elb/check_extra7142 b/providers/aws/services/elb/check_extra7142 similarity index 100% rename from providers_old/aws/checks/elb/check_extra7142 rename to providers/aws/services/elb/check_extra7142 diff --git a/providers_old/aws/checks/elb/check_extra7150 b/providers/aws/services/elb/check_extra7150 similarity index 100% rename from providers_old/aws/checks/elb/check_extra7150 rename to providers/aws/services/elb/check_extra7150 diff --git a/providers_old/aws/checks/elb/check_extra7155 b/providers/aws/services/elb/check_extra7155 similarity index 100% rename from providers_old/aws/checks/elb/check_extra7155 rename to providers/aws/services/elb/check_extra7155 diff --git a/providers_old/aws/checks/elb/check_extra7158 b/providers/aws/services/elb/check_extra7158 similarity index 100% rename from providers_old/aws/checks/elb/check_extra7158 rename to providers/aws/services/elb/check_extra7158 diff --git a/providers_old/aws/checks/elb/check_extra7159 b/providers/aws/services/elb/check_extra7159 similarity index 100% rename from providers_old/aws/checks/elb/check_extra7159 rename to providers/aws/services/elb/check_extra7159 diff --git a/providers_old/aws/checks/elb/check_extra717 b/providers/aws/services/elb/check_extra717 similarity index 100% rename from providers_old/aws/checks/elb/check_extra717 rename to providers/aws/services/elb/check_extra717 diff --git a/providers_old/aws/checks/elb/check_extra79 b/providers/aws/services/elb/check_extra79 similarity index 100% rename from providers_old/aws/checks/elb/check_extra79 rename to providers/aws/services/elb/check_extra79 diff --git a/providers_old/aws/checks/elb/check_extra792 b/providers/aws/services/elb/check_extra792 similarity index 100% rename from providers_old/aws/checks/elb/check_extra792 rename to providers/aws/services/elb/check_extra792 diff --git a/providers_old/aws/checks/elb/check_extra793 b/providers/aws/services/elb/check_extra793 similarity index 100% rename from providers_old/aws/checks/elb/check_extra793 rename to providers/aws/services/elb/check_extra793 diff --git a/providers_old/aws/checks/emr/check_extra7176 b/providers/aws/services/emr/check_extra7176 similarity index 100% rename from providers_old/aws/checks/emr/check_extra7176 rename to providers/aws/services/emr/check_extra7176 diff --git a/providers_old/aws/checks/emr/check_extra7177 b/providers/aws/services/emr/check_extra7177 similarity index 100% rename from providers_old/aws/checks/emr/check_extra7177 rename to providers/aws/services/emr/check_extra7177 diff --git a/providers_old/aws/checks/emr/check_extra7178 b/providers/aws/services/emr/check_extra7178 similarity index 100% rename from providers_old/aws/checks/emr/check_extra7178 rename to providers/aws/services/emr/check_extra7178 diff --git a/providers_old/aws/checks/es/check_extra7101 b/providers/aws/services/es/check_extra7101 similarity index 100% rename from providers_old/aws/checks/es/check_extra7101 rename to providers/aws/services/es/check_extra7101 diff --git a/providers_old/aws/checks/es/check_extra715 b/providers/aws/services/es/check_extra715 similarity index 100% rename from providers_old/aws/checks/es/check_extra715 rename to providers/aws/services/es/check_extra715 diff --git a/providers_old/aws/checks/es/check_extra716 b/providers/aws/services/es/check_extra716 similarity index 100% rename from providers_old/aws/checks/es/check_extra716 rename to providers/aws/services/es/check_extra716 diff --git a/providers_old/aws/checks/es/check_extra780 b/providers/aws/services/es/check_extra780 similarity index 100% rename from providers_old/aws/checks/es/check_extra780 rename to providers/aws/services/es/check_extra780 diff --git a/providers_old/aws/checks/es/check_extra781 b/providers/aws/services/es/check_extra781 similarity index 100% rename from providers_old/aws/checks/es/check_extra781 rename to providers/aws/services/es/check_extra781 diff --git a/providers_old/aws/checks/es/check_extra782 b/providers/aws/services/es/check_extra782 similarity index 100% rename from providers_old/aws/checks/es/check_extra782 rename to providers/aws/services/es/check_extra782 diff --git a/providers_old/aws/checks/es/check_extra783 b/providers/aws/services/es/check_extra783 similarity index 100% rename from providers_old/aws/checks/es/check_extra783 rename to providers/aws/services/es/check_extra783 diff --git a/providers_old/aws/checks/es/check_extra784 b/providers/aws/services/es/check_extra784 similarity index 100% rename from providers_old/aws/checks/es/check_extra784 rename to providers/aws/services/es/check_extra784 diff --git a/providers_old/aws/checks/es/check_extra785 b/providers/aws/services/es/check_extra785 similarity index 100% rename from providers_old/aws/checks/es/check_extra785 rename to providers/aws/services/es/check_extra785 diff --git a/providers_old/aws/checks/es/check_extra787 b/providers/aws/services/es/check_extra787 similarity index 100% rename from providers_old/aws/checks/es/check_extra787 rename to providers/aws/services/es/check_extra787 diff --git a/providers_old/aws/checks/es/check_extra788 b/providers/aws/services/es/check_extra788 similarity index 100% rename from providers_old/aws/checks/es/check_extra788 rename to providers/aws/services/es/check_extra788 diff --git a/providers_old/aws/checks/glacier/check_extra7147 b/providers/aws/services/glacier/check_extra7147 similarity index 100% rename from providers_old/aws/checks/glacier/check_extra7147 rename to providers/aws/services/glacier/check_extra7147 diff --git a/providers_old/aws/checks/glue/check_extra7114 b/providers/aws/services/glue/check_extra7114 similarity index 100% rename from providers_old/aws/checks/glue/check_extra7114 rename to providers/aws/services/glue/check_extra7114 diff --git a/providers_old/aws/checks/glue/check_extra7115 b/providers/aws/services/glue/check_extra7115 similarity index 100% rename from providers_old/aws/checks/glue/check_extra7115 rename to providers/aws/services/glue/check_extra7115 diff --git a/providers_old/aws/checks/glue/check_extra7116 b/providers/aws/services/glue/check_extra7116 similarity index 100% rename from providers_old/aws/checks/glue/check_extra7116 rename to providers/aws/services/glue/check_extra7116 diff --git a/providers_old/aws/checks/glue/check_extra7117 b/providers/aws/services/glue/check_extra7117 similarity index 100% rename from providers_old/aws/checks/glue/check_extra7117 rename to providers/aws/services/glue/check_extra7117 diff --git a/providers_old/aws/checks/glue/check_extra7118 b/providers/aws/services/glue/check_extra7118 similarity index 100% rename from providers_old/aws/checks/glue/check_extra7118 rename to providers/aws/services/glue/check_extra7118 diff --git a/providers_old/aws/checks/glue/check_extra7119 b/providers/aws/services/glue/check_extra7119 similarity index 100% rename from providers_old/aws/checks/glue/check_extra7119 rename to providers/aws/services/glue/check_extra7119 diff --git a/providers_old/aws/checks/glue/check_extra7120 b/providers/aws/services/glue/check_extra7120 similarity index 100% rename from providers_old/aws/checks/glue/check_extra7120 rename to providers/aws/services/glue/check_extra7120 diff --git a/providers_old/aws/checks/glue/check_extra7121 b/providers/aws/services/glue/check_extra7121 similarity index 100% rename from providers_old/aws/checks/glue/check_extra7121 rename to providers/aws/services/glue/check_extra7121 diff --git a/providers_old/aws/checks/glue/check_extra7122 b/providers/aws/services/glue/check_extra7122 similarity index 100% rename from providers_old/aws/checks/glue/check_extra7122 rename to providers/aws/services/glue/check_extra7122 diff --git a/providers_old/aws/checks/guardduty/check_extra713 b/providers/aws/services/guardduty/check_extra713 similarity index 100% rename from providers_old/aws/checks/guardduty/check_extra713 rename to providers/aws/services/guardduty/check_extra713 diff --git a/providers_old/aws/checks/guardduty/check_extra7139 b/providers/aws/services/guardduty/check_extra7139 similarity index 100% rename from providers_old/aws/checks/guardduty/check_extra7139 rename to providers/aws/services/guardduty/check_extra7139 diff --git a/providers_old/aws/checks/iam/check11 b/providers/aws/services/iam/check11 similarity index 100% rename from providers_old/aws/checks/iam/check11 rename to providers/aws/services/iam/check11 diff --git a/providers_old/aws/checks/iam/check110 b/providers/aws/services/iam/check110 similarity index 100% rename from providers_old/aws/checks/iam/check110 rename to providers/aws/services/iam/check110 diff --git a/providers_old/aws/checks/iam/check111 b/providers/aws/services/iam/check111 similarity index 100% rename from providers_old/aws/checks/iam/check111 rename to providers/aws/services/iam/check111 diff --git a/providers_old/aws/checks/iam/check112 b/providers/aws/services/iam/check112 similarity index 100% rename from providers_old/aws/checks/iam/check112 rename to providers/aws/services/iam/check112 diff --git a/providers_old/aws/checks/iam/check113 b/providers/aws/services/iam/check113 similarity index 100% rename from providers_old/aws/checks/iam/check113 rename to providers/aws/services/iam/check113 diff --git a/providers_old/aws/checks/iam/check114 b/providers/aws/services/iam/check114 similarity index 100% rename from providers_old/aws/checks/iam/check114 rename to providers/aws/services/iam/check114 diff --git a/providers_old/aws/checks/iam/check116 b/providers/aws/services/iam/check116 similarity index 100% rename from providers_old/aws/checks/iam/check116 rename to providers/aws/services/iam/check116 diff --git a/providers_old/aws/checks/iam/check12 b/providers/aws/services/iam/check12 similarity index 100% rename from providers_old/aws/checks/iam/check12 rename to providers/aws/services/iam/check12 diff --git a/providers_old/aws/checks/iam/check120 b/providers/aws/services/iam/check120 similarity index 100% rename from providers_old/aws/checks/iam/check120 rename to providers/aws/services/iam/check120 diff --git a/providers_old/aws/checks/iam/check121 b/providers/aws/services/iam/check121 similarity index 100% rename from providers_old/aws/checks/iam/check121 rename to providers/aws/services/iam/check121 diff --git a/providers_old/aws/checks/iam/check122 b/providers/aws/services/iam/check122 similarity index 100% rename from providers_old/aws/checks/iam/check122 rename to providers/aws/services/iam/check122 diff --git a/providers_old/aws/checks/iam/check13 b/providers/aws/services/iam/check13 similarity index 100% rename from providers_old/aws/checks/iam/check13 rename to providers/aws/services/iam/check13 diff --git a/providers_old/aws/checks/iam/check14 b/providers/aws/services/iam/check14 similarity index 100% rename from providers_old/aws/checks/iam/check14 rename to providers/aws/services/iam/check14 diff --git a/providers_old/aws/checks/iam/check15 b/providers/aws/services/iam/check15 similarity index 100% rename from providers_old/aws/checks/iam/check15 rename to providers/aws/services/iam/check15 diff --git a/providers_old/aws/checks/iam/check16 b/providers/aws/services/iam/check16 similarity index 100% rename from providers_old/aws/checks/iam/check16 rename to providers/aws/services/iam/check16 diff --git a/providers_old/aws/checks/iam/check17 b/providers/aws/services/iam/check17 similarity index 100% rename from providers_old/aws/checks/iam/check17 rename to providers/aws/services/iam/check17 diff --git a/providers_old/aws/checks/iam/check18 b/providers/aws/services/iam/check18 similarity index 100% rename from providers_old/aws/checks/iam/check18 rename to providers/aws/services/iam/check18 diff --git a/providers_old/aws/checks/iam/check19 b/providers/aws/services/iam/check19 similarity index 100% rename from providers_old/aws/checks/iam/check19 rename to providers/aws/services/iam/check19 diff --git a/providers_old/aws/checks/iam/check31 b/providers/aws/services/iam/check31 similarity index 100% rename from providers_old/aws/checks/iam/check31 rename to providers/aws/services/iam/check31 diff --git a/providers_old/aws/checks/iam/check32 b/providers/aws/services/iam/check32 similarity index 100% rename from providers_old/aws/checks/iam/check32 rename to providers/aws/services/iam/check32 diff --git a/providers_old/aws/checks/iam/check33 b/providers/aws/services/iam/check33 similarity index 100% rename from providers_old/aws/checks/iam/check33 rename to providers/aws/services/iam/check33 diff --git a/providers_old/aws/checks/iam/check34 b/providers/aws/services/iam/check34 similarity index 100% rename from providers_old/aws/checks/iam/check34 rename to providers/aws/services/iam/check34 diff --git a/providers_old/aws/checks/iam/check36 b/providers/aws/services/iam/check36 similarity index 100% rename from providers_old/aws/checks/iam/check36 rename to providers/aws/services/iam/check36 diff --git a/providers_old/aws/checks/iam/check_extra71 b/providers/aws/services/iam/check_extra71 similarity index 100% rename from providers_old/aws/checks/iam/check_extra71 rename to providers/aws/services/iam/check_extra71 diff --git a/providers_old/aws/checks/iam/check_extra7100 b/providers/aws/services/iam/check_extra7100 similarity index 100% rename from providers_old/aws/checks/iam/check_extra7100 rename to providers/aws/services/iam/check_extra7100 diff --git a/providers_old/aws/checks/iam/check_extra7123 b/providers/aws/services/iam/check_extra7123 similarity index 100% rename from providers_old/aws/checks/iam/check_extra7123 rename to providers/aws/services/iam/check_extra7123 diff --git a/providers_old/aws/checks/iam/check_extra7125 b/providers/aws/services/iam/check_extra7125 similarity index 100% rename from providers_old/aws/checks/iam/check_extra7125 rename to providers/aws/services/iam/check_extra7125 diff --git a/providers_old/aws/checks/iam/check_extra733 b/providers/aws/services/iam/check_extra733 similarity index 100% rename from providers_old/aws/checks/iam/check_extra733 rename to providers/aws/services/iam/check_extra733 diff --git a/providers_old/aws/checks/iam/check_extra774 b/providers/aws/services/iam/check_extra774 similarity index 100% rename from providers_old/aws/checks/iam/check_extra774 rename to providers/aws/services/iam/check_extra774 diff --git a/providers_old/aws/checks/kms/check28 b/providers/aws/services/kms/check28 similarity index 100% rename from providers_old/aws/checks/kms/check28 rename to providers/aws/services/kms/check28 diff --git a/providers_old/aws/checks/kms/check37 b/providers/aws/services/kms/check37 similarity index 100% rename from providers_old/aws/checks/kms/check37 rename to providers/aws/services/kms/check37 diff --git a/providers_old/aws/checks/kms/check_extra7126 b/providers/aws/services/kms/check_extra7126 similarity index 100% rename from providers_old/aws/checks/kms/check_extra7126 rename to providers/aws/services/kms/check_extra7126 diff --git a/providers_old/aws/checks/kms/check_extra736 b/providers/aws/services/kms/check_extra736 similarity index 100% rename from providers_old/aws/checks/kms/check_extra736 rename to providers/aws/services/kms/check_extra736 diff --git a/providers_old/aws/checks/lambda/check_extra7145 b/providers/aws/services/lambda/check_extra7145 similarity index 100% rename from providers_old/aws/checks/lambda/check_extra7145 rename to providers/aws/services/lambda/check_extra7145 diff --git a/providers_old/aws/checks/lambda/check_extra7179 b/providers/aws/services/lambda/check_extra7179 similarity index 100% rename from providers_old/aws/checks/lambda/check_extra7179 rename to providers/aws/services/lambda/check_extra7179 diff --git a/providers_old/aws/checks/lambda/check_extra7180 b/providers/aws/services/lambda/check_extra7180 similarity index 100% rename from providers_old/aws/checks/lambda/check_extra7180 rename to providers/aws/services/lambda/check_extra7180 diff --git a/providers_old/aws/checks/lambda/check_extra720 b/providers/aws/services/lambda/check_extra720 similarity index 100% rename from providers_old/aws/checks/lambda/check_extra720 rename to providers/aws/services/lambda/check_extra720 diff --git a/providers_old/aws/checks/lambda/check_extra759 b/providers/aws/services/lambda/check_extra759 similarity index 100% rename from providers_old/aws/checks/lambda/check_extra759 rename to providers/aws/services/lambda/check_extra759 diff --git a/providers_old/aws/checks/lambda/check_extra760 b/providers/aws/services/lambda/check_extra760 similarity index 100% rename from providers_old/aws/checks/lambda/check_extra760 rename to providers/aws/services/lambda/check_extra760 diff --git a/providers_old/aws/checks/lambda/check_extra762 b/providers/aws/services/lambda/check_extra762 similarity index 100% rename from providers_old/aws/checks/lambda/check_extra762 rename to providers/aws/services/lambda/check_extra762 diff --git a/providers_old/aws/checks/lambda/check_extra798 b/providers/aws/services/lambda/check_extra798 similarity index 100% rename from providers_old/aws/checks/lambda/check_extra798 rename to providers/aws/services/lambda/check_extra798 diff --git a/providers_old/aws/checks/macie/check_extra712 b/providers/aws/services/macie/check_extra712 similarity index 100% rename from providers_old/aws/checks/macie/check_extra712 rename to providers/aws/services/macie/check_extra712 diff --git a/providers_old/aws/checks/rds/check_extra7113 b/providers/aws/services/rds/check_extra7113 similarity index 100% rename from providers_old/aws/checks/rds/check_extra7113 rename to providers/aws/services/rds/check_extra7113 diff --git a/providers_old/aws/checks/rds/check_extra7131 b/providers/aws/services/rds/check_extra7131 similarity index 100% rename from providers_old/aws/checks/rds/check_extra7131 rename to providers/aws/services/rds/check_extra7131 diff --git a/providers_old/aws/checks/rds/check_extra7132 b/providers/aws/services/rds/check_extra7132 similarity index 100% rename from providers_old/aws/checks/rds/check_extra7132 rename to providers/aws/services/rds/check_extra7132 diff --git a/providers_old/aws/checks/rds/check_extra7133 b/providers/aws/services/rds/check_extra7133 similarity index 100% rename from providers_old/aws/checks/rds/check_extra7133 rename to providers/aws/services/rds/check_extra7133 diff --git a/providers_old/aws/checks/rds/check_extra723 b/providers/aws/services/rds/check_extra723 similarity index 100% rename from providers_old/aws/checks/rds/check_extra723 rename to providers/aws/services/rds/check_extra723 diff --git a/providers_old/aws/checks/rds/check_extra735 b/providers/aws/services/rds/check_extra735 similarity index 100% rename from providers_old/aws/checks/rds/check_extra735 rename to providers/aws/services/rds/check_extra735 diff --git a/providers_old/aws/checks/rds/check_extra739 b/providers/aws/services/rds/check_extra739 similarity index 100% rename from providers_old/aws/checks/rds/check_extra739 rename to providers/aws/services/rds/check_extra739 diff --git a/providers_old/aws/checks/rds/check_extra747 b/providers/aws/services/rds/check_extra747 similarity index 100% rename from providers_old/aws/checks/rds/check_extra747 rename to providers/aws/services/rds/check_extra747 diff --git a/providers_old/aws/checks/rds/check_extra78 b/providers/aws/services/rds/check_extra78 similarity index 100% rename from providers_old/aws/checks/rds/check_extra78 rename to providers/aws/services/rds/check_extra78 diff --git a/providers_old/aws/checks/redshift/check_extra711 b/providers/aws/services/redshift/check_extra711 similarity index 100% rename from providers_old/aws/checks/redshift/check_extra711 rename to providers/aws/services/redshift/check_extra711 diff --git a/providers_old/aws/checks/redshift/check_extra7149 b/providers/aws/services/redshift/check_extra7149 similarity index 100% rename from providers_old/aws/checks/redshift/check_extra7149 rename to providers/aws/services/redshift/check_extra7149 diff --git a/providers_old/aws/checks/redshift/check_extra7160 b/providers/aws/services/redshift/check_extra7160 similarity index 100% rename from providers_old/aws/checks/redshift/check_extra7160 rename to providers/aws/services/redshift/check_extra7160 diff --git a/providers_old/aws/checks/redshift/check_extra721 b/providers/aws/services/redshift/check_extra721 similarity index 100% rename from providers_old/aws/checks/redshift/check_extra721 rename to providers/aws/services/redshift/check_extra721 diff --git a/providers_old/aws/checks/route53/check_extra7152 b/providers/aws/services/route53/check_extra7152 similarity index 100% rename from providers_old/aws/checks/route53/check_extra7152 rename to providers/aws/services/route53/check_extra7152 diff --git a/providers_old/aws/checks/route53/check_extra7153 b/providers/aws/services/route53/check_extra7153 similarity index 100% rename from providers_old/aws/checks/route53/check_extra7153 rename to providers/aws/services/route53/check_extra7153 diff --git a/providers_old/aws/checks/route53/check_extra719 b/providers/aws/services/route53/check_extra719 similarity index 100% rename from providers_old/aws/checks/route53/check_extra719 rename to providers/aws/services/route53/check_extra719 diff --git a/providers_old/aws/checks/s3/check26 b/providers/aws/services/s3/check26 similarity index 100% rename from providers_old/aws/checks/s3/check26 rename to providers/aws/services/s3/check26 diff --git a/providers_old/aws/checks/s3/check38 b/providers/aws/services/s3/check38 similarity index 100% rename from providers_old/aws/checks/s3/check38 rename to providers/aws/services/s3/check38 diff --git a/providers_old/aws/checks/s3/check_extra7172 b/providers/aws/services/s3/check_extra7172 similarity index 100% rename from providers_old/aws/checks/s3/check_extra7172 rename to providers/aws/services/s3/check_extra7172 diff --git a/providers_old/aws/checks/s3/check_extra718 b/providers/aws/services/s3/check_extra718 similarity index 100% rename from providers_old/aws/checks/s3/check_extra718 rename to providers/aws/services/s3/check_extra718 diff --git a/providers_old/aws/checks/s3/check_extra725 b/providers/aws/services/s3/check_extra725 similarity index 100% rename from providers_old/aws/checks/s3/check_extra725 rename to providers/aws/services/s3/check_extra725 diff --git a/providers_old/aws/checks/s3/check_extra73 b/providers/aws/services/s3/check_extra73 similarity index 100% rename from providers_old/aws/checks/s3/check_extra73 rename to providers/aws/services/s3/check_extra73 diff --git a/providers_old/aws/checks/s3/check_extra734 b/providers/aws/services/s3/check_extra734 similarity index 100% rename from providers_old/aws/checks/s3/check_extra734 rename to providers/aws/services/s3/check_extra734 diff --git a/providers_old/aws/checks/s3/check_extra763 b/providers/aws/services/s3/check_extra763 similarity index 100% rename from providers_old/aws/checks/s3/check_extra763 rename to providers/aws/services/s3/check_extra763 diff --git a/providers_old/aws/checks/s3/check_extra764 b/providers/aws/services/s3/check_extra764 similarity index 100% rename from providers_old/aws/checks/s3/check_extra764 rename to providers/aws/services/s3/check_extra764 diff --git a/providers_old/aws/checks/s3/check_extra771 b/providers/aws/services/s3/check_extra771 similarity index 100% rename from providers_old/aws/checks/s3/check_extra771 rename to providers/aws/services/s3/check_extra771 diff --git a/providers_old/aws/checks/sagemaker/check_extra7103 b/providers/aws/services/sagemaker/check_extra7103 similarity index 100% rename from providers_old/aws/checks/sagemaker/check_extra7103 rename to providers/aws/services/sagemaker/check_extra7103 diff --git a/providers_old/aws/checks/sagemaker/check_extra7104 b/providers/aws/services/sagemaker/check_extra7104 similarity index 100% rename from providers_old/aws/checks/sagemaker/check_extra7104 rename to providers/aws/services/sagemaker/check_extra7104 diff --git a/providers_old/aws/checks/sagemaker/check_extra7105 b/providers/aws/services/sagemaker/check_extra7105 similarity index 100% rename from providers_old/aws/checks/sagemaker/check_extra7105 rename to providers/aws/services/sagemaker/check_extra7105 diff --git a/providers_old/aws/checks/sagemaker/check_extra7106 b/providers/aws/services/sagemaker/check_extra7106 similarity index 100% rename from providers_old/aws/checks/sagemaker/check_extra7106 rename to providers/aws/services/sagemaker/check_extra7106 diff --git a/providers_old/aws/checks/sagemaker/check_extra7107 b/providers/aws/services/sagemaker/check_extra7107 similarity index 100% rename from providers_old/aws/checks/sagemaker/check_extra7107 rename to providers/aws/services/sagemaker/check_extra7107 diff --git a/providers_old/aws/checks/sagemaker/check_extra7108 b/providers/aws/services/sagemaker/check_extra7108 similarity index 100% rename from providers_old/aws/checks/sagemaker/check_extra7108 rename to providers/aws/services/sagemaker/check_extra7108 diff --git a/providers_old/aws/checks/sagemaker/check_extra7109 b/providers/aws/services/sagemaker/check_extra7109 similarity index 100% rename from providers_old/aws/checks/sagemaker/check_extra7109 rename to providers/aws/services/sagemaker/check_extra7109 diff --git a/providers_old/aws/checks/sagemaker/check_extra7110 b/providers/aws/services/sagemaker/check_extra7110 similarity index 100% rename from providers_old/aws/checks/sagemaker/check_extra7110 rename to providers/aws/services/sagemaker/check_extra7110 diff --git a/providers_old/aws/checks/sagemaker/check_extra7111 b/providers/aws/services/sagemaker/check_extra7111 similarity index 100% rename from providers_old/aws/checks/sagemaker/check_extra7111 rename to providers/aws/services/sagemaker/check_extra7111 diff --git a/providers_old/aws/checks/sagemaker/check_extra7112 b/providers/aws/services/sagemaker/check_extra7112 similarity index 100% rename from providers_old/aws/checks/sagemaker/check_extra7112 rename to providers/aws/services/sagemaker/check_extra7112 diff --git a/providers_old/aws/checks/secretsmanager/check_extra7163 b/providers/aws/services/secretsmanager/check_extra7163 similarity index 100% rename from providers_old/aws/checks/secretsmanager/check_extra7163 rename to providers/aws/services/secretsmanager/check_extra7163 diff --git a/providers_old/aws/checks/securityhub/check_extra799 b/providers/aws/services/securityhub/check_extra799 similarity index 100% rename from providers_old/aws/checks/securityhub/check_extra799 rename to providers/aws/services/securityhub/check_extra799 diff --git a/providers_old/aws/checks/shield/check_extra7166 b/providers/aws/services/shield/check_extra7166 similarity index 100% rename from providers_old/aws/checks/shield/check_extra7166 rename to providers/aws/services/shield/check_extra7166 diff --git a/providers_old/aws/checks/shield/check_extra7167 b/providers/aws/services/shield/check_extra7167 similarity index 100% rename from providers_old/aws/checks/shield/check_extra7167 rename to providers/aws/services/shield/check_extra7167 diff --git a/providers_old/aws/checks/shield/check_extra7168 b/providers/aws/services/shield/check_extra7168 similarity index 100% rename from providers_old/aws/checks/shield/check_extra7168 rename to providers/aws/services/shield/check_extra7168 diff --git a/providers_old/aws/checks/shield/check_extra7169 b/providers/aws/services/shield/check_extra7169 similarity index 100% rename from providers_old/aws/checks/shield/check_extra7169 rename to providers/aws/services/shield/check_extra7169 diff --git a/providers_old/aws/checks/shield/check_extra7170 b/providers/aws/services/shield/check_extra7170 similarity index 100% rename from providers_old/aws/checks/shield/check_extra7170 rename to providers/aws/services/shield/check_extra7170 diff --git a/providers_old/aws/checks/shield/check_extra7171 b/providers/aws/services/shield/check_extra7171 similarity index 100% rename from providers_old/aws/checks/shield/check_extra7171 rename to providers/aws/services/shield/check_extra7171 diff --git a/providers_old/aws/checks/sns/check_extra7130 b/providers/aws/services/sns/check_extra7130 similarity index 100% rename from providers_old/aws/checks/sns/check_extra7130 rename to providers/aws/services/sns/check_extra7130 diff --git a/providers_old/aws/checks/sns/check_extra731 b/providers/aws/services/sns/check_extra731 similarity index 100% rename from providers_old/aws/checks/sns/check_extra731 rename to providers/aws/services/sns/check_extra731 diff --git a/providers_old/aws/checks/sqs/check_extra727 b/providers/aws/services/sqs/check_extra727 similarity index 100% rename from providers_old/aws/checks/sqs/check_extra727 rename to providers/aws/services/sqs/check_extra727 diff --git a/providers_old/aws/checks/sqs/check_extra728 b/providers/aws/services/sqs/check_extra728 similarity index 100% rename from providers_old/aws/checks/sqs/check_extra728 rename to providers/aws/services/sqs/check_extra728 diff --git a/providers_old/aws/checks/ssm/check_extra7124 b/providers/aws/services/ssm/check_extra7124 similarity index 100% rename from providers_old/aws/checks/ssm/check_extra7124 rename to providers/aws/services/ssm/check_extra7124 diff --git a/providers_old/aws/checks/ssm/check_extra7127 b/providers/aws/services/ssm/check_extra7127 similarity index 100% rename from providers_old/aws/checks/ssm/check_extra7127 rename to providers/aws/services/ssm/check_extra7127 diff --git a/providers_old/aws/checks/ssm/check_extra7140 b/providers/aws/services/ssm/check_extra7140 similarity index 100% rename from providers_old/aws/checks/ssm/check_extra7140 rename to providers/aws/services/ssm/check_extra7140 diff --git a/providers_old/aws/checks/ssm/check_extra7141 b/providers/aws/services/ssm/check_extra7141 similarity index 100% rename from providers_old/aws/checks/ssm/check_extra7141 rename to providers/aws/services/ssm/check_extra7141 diff --git a/providers_old/aws/checks/support/check115 b/providers/aws/services/support/check115 similarity index 100% rename from providers_old/aws/checks/support/check115 rename to providers/aws/services/support/check115 diff --git a/providers_old/aws/checks/support/check117 b/providers/aws/services/support/check117 similarity index 100% rename from providers_old/aws/checks/support/check117 rename to providers/aws/services/support/check117 diff --git a/providers_old/aws/checks/support/check118 b/providers/aws/services/support/check118 similarity index 100% rename from providers_old/aws/checks/support/check118 rename to providers/aws/services/support/check118 diff --git a/providers_old/aws/checks/trustedadvisor/check_extra726 b/providers/aws/services/trustedadvisor/check_extra726 similarity index 100% rename from providers_old/aws/checks/trustedadvisor/check_extra726 rename to providers/aws/services/trustedadvisor/check_extra726 diff --git a/providers_old/aws/checks/vpc/check29 b/providers/aws/services/vpc/check29 similarity index 100% rename from providers_old/aws/checks/vpc/check29 rename to providers/aws/services/vpc/check29 diff --git a/providers_old/aws/checks/vpc/check311 b/providers/aws/services/vpc/check311 similarity index 100% rename from providers_old/aws/checks/vpc/check311 rename to providers/aws/services/vpc/check311 diff --git a/providers_old/aws/checks/vpc/check312 b/providers/aws/services/vpc/check312 similarity index 100% rename from providers_old/aws/checks/vpc/check312 rename to providers/aws/services/vpc/check312 diff --git a/providers_old/aws/checks/vpc/check313 b/providers/aws/services/vpc/check313 similarity index 100% rename from providers_old/aws/checks/vpc/check313 rename to providers/aws/services/vpc/check313 diff --git a/providers_old/aws/checks/vpc/check314 b/providers/aws/services/vpc/check314 similarity index 100% rename from providers_old/aws/checks/vpc/check314 rename to providers/aws/services/vpc/check314 diff --git a/providers_old/aws/checks/vpc/check44 b/providers/aws/services/vpc/check44 similarity index 100% rename from providers_old/aws/checks/vpc/check44 rename to providers/aws/services/vpc/check44 diff --git a/providers_old/aws/checks/vpc/check_extra789 b/providers/aws/services/vpc/check_extra789 similarity index 100% rename from providers_old/aws/checks/vpc/check_extra789 rename to providers/aws/services/vpc/check_extra789 diff --git a/providers_old/aws/checks/vpc/check_extra790 b/providers/aws/services/vpc/check_extra790 similarity index 100% rename from providers_old/aws/checks/vpc/check_extra790 rename to providers/aws/services/vpc/check_extra790 diff --git a/providers_old/aws/common/assume_role b/providers_old/aws/common/assume_role deleted file mode 100644 index 232cdf88..00000000 --- a/providers_old/aws/common/assume_role +++ /dev/null @@ -1,112 +0,0 @@ -#!/usr/bin/env bash - -# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy -# of the License at http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed -# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR -# CONDITIONS OF ANY KIND, either express or implied. See the License for the -# specific language governing permissions and limitations under the License. - -assume_role(){ - - PROFILE_OPT=$PROFILE_OPT_BAK - if [[ "${PROFILE_OPT}" = "" ]]; then - # If profile is not defined, restore original credentials from environment variables, if they exists! - restoreInitialAWSCredentials - fi - - # Both variables are mandatory to be set together - if [[ -z $ROLE_TO_ASSUME || -z $ACCOUNT_TO_ASSUME ]]; then - echo "$OPTRED ERROR!$OPTNORMAL - Both Account ID (-A) and IAM Role to assume (-R) must be set" - exit 1 - fi - # if not session duration set with -T, then will be 1h. - # In some cases you will need more than 1h. - if [[ -z $SESSION_DURATION_TO_ASSUME ]]; then - SESSION_DURATION_TO_ASSUME="3600" - elif [[ "${SESSION_DURATION_TO_ASSUME}" -gt "43200" ]] || [[ "${SESSION_DURATION_TO_ASSUME}" -lt "900" ]]; then - echo "$OPTRED ERROR!$OPTNORMAL - Role session duration must be more than 900 seconds and less than 4300 seconds" - exit 1 - fi - - # temporary file where to store credentials - TEMP_STS_ASSUMED_FILE=$(mktemp -t prowler.sts_assumed-XXXXXX) - TEMP_STS_ASSUMED_ERROR=$(mktemp -t prowler.sts_assumed-XXXXXX) - - # check if role arn or role name - if [[ $ROLE_TO_ASSUME == arn:* ]]; then - PROWLER_ROLE=$ROLE_TO_ASSUME - else - PROWLER_ROLE=arn:${AWS_PARTITION}:iam::$ACCOUNT_TO_ASSUME:role/$ROLE_TO_ASSUME - fi - - # Check if external ID has bee provided if so execute with external ID if not ignore - ROLE_EXTERNAL_ID_OPTION="" - if [[ -n "${ROLE_EXTERNAL_ID}" ]]; then - ROLE_EXTERNAL_ID_OPTION="--external-id ${ROLE_EXTERNAL_ID}" - fi - - # Assume role - if ! $AWSCLI $PROFILE_OPT sts assume-role --role-arn $PROWLER_ROLE \ - --role-session-name ProwlerAssessmentSession \ - --duration-seconds $SESSION_DURATION_TO_ASSUME \ - --region $REGION_FOR_STS \ - ${ROLE_EXTERNAL_ID_OPTION} > $TEMP_STS_ASSUMED_FILE 2>"${TEMP_STS_ASSUMED_ERROR}" - then - STS_ERROR="$(cat ${TEMP_STS_ASSUMED_ERROR} | tr '\n' ' ')" - textFail "${STS_ERROR}" - EXITCODE=1 - exit $EXITCODE - fi - - # echo FILE WITH TEMP CREDS: $TEMP_STS_ASSUMED_FILE - - # The profile shouldn't be used for CLI - PROFILE="" - PROFILE_OPT="" - - # Set AWS environment variables with assumed role credentials - ASSUME_AWS_ACCESS_KEY_ID=$(jq -r '.Credentials.AccessKeyId' "${TEMP_STS_ASSUMED_FILE}") - export AWS_ACCESS_KEY_ID=$ASSUME_AWS_ACCESS_KEY_ID - ASSUME_AWS_SECRET_ACCESS_KEY=$(jq -r '.Credentials.SecretAccessKey' "${TEMP_STS_ASSUMED_FILE}") - export AWS_SECRET_ACCESS_KEY=$ASSUME_AWS_SECRET_ACCESS_KEY - ASSUME_AWS_SESSION_TOKEN=$(jq -r '.Credentials.SessionToken' "${TEMP_STS_ASSUMED_FILE}") - export AWS_SESSION_TOKEN=$ASSUME_AWS_SESSION_TOKEN - ASSUME_AWS_SESSION_EXPIRATION=$(jq -r '.Credentials.Expiration | sub("\\+00:00";"Z") | fromdateiso8601' "${TEMP_STS_ASSUMED_FILE}") - export AWS_SESSION_EXPIRATION=$ASSUME_AWS_SESSION_EXPIRATION - # echo TEMP AWS_ACCESS_KEY_ID: $ASSUME_AWS_ACCESS_KEY_ID - # echo TEMP AWS_SECRET_ACCESS_KEY: $ASSUME_AWS_SECRET_ACCESS_KEY - # echo TEMP AWS_SESSION_TOKEN: $ASSUME_AWS_SESSION_TOKEN - # echo EXPIRATION EPOCH TIME: $ASSUME_AWS_SESSION_EXPIRATION - - cleanSTSAssumeFile -} - -cleanSTSAssumeFile() { - rm -fr "${TEMP_STS_ASSUMED_FILE}" - rm -fr "${TEMP_STS_ASSUMED_ERROR}" -} - -backupInitialAWSCredentials() { - if [[ $(printenv AWS_ACCESS_KEY_ID) && $(printenv AWS_SECRET_ACCESS_KEY) && $(printenv AWS_SESSION_TOKEN) ]]; then - INITIAL_AWS_ACCESS_KEY_ID=$(printenv AWS_ACCESS_KEY_ID) - INITIAL_AWS_SECRET_ACCESS_KEY=$(printenv AWS_SECRET_ACCESS_KEY) - INITIAL_AWS_SESSION_TOKEN=$(printenv AWS_SESSION_TOKEN) - fi -} - -restoreInitialAWSCredentials() { - if [[ $INITIAL_AWS_ACCESS_KEY_ID && $INITIAL_AWS_SECRET_ACCESS_KEY && $INITIAL_AWS_SESSION_TOKEN ]]; then - export AWS_ACCESS_KEY_ID=$INITIAL_AWS_ACCESS_KEY_ID - export AWS_SECRET_ACCESS_KEY=$INITIAL_AWS_SECRET_ACCESS_KEY - export AWS_SESSION_TOKEN=$INITIAL_AWS_SESSION_TOKEN - else - unset AWS_ACCESS_KEY_ID - unset AWS_SECRET_ACCESS_KEY - unset AWS_SESSION_TOKEN - fi -} diff --git a/providers_old/aws/common/aws_profile_loader b/providers_old/aws/common/aws_profile_loader deleted file mode 100644 index e79cea87..00000000 --- a/providers_old/aws/common/aws_profile_loader +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/env bash - -# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy -# of the License at http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed -# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR -# CONDITIONS OF ANY KIND, either express or implied. See the License for the -# specific language governing permissions and limitations under the License. - - -# It checks -p optoin first and use it as profile, if not -p provided then -# check environment variables and if not, it checks and loads credentials from -# instance profile (metadata server) if runs in an EC2 instance - -INSTANCE_PROFILE=$(curl -s -m 1 http://169.254.169.254/latest/meta-data/iam/security-credentials/) -if echo "$INSTANCE_PROFILE" | grep -q '404 - Not Found'; then - INSTANCE_PROFILE= -fi - -if [[ $PROFILE ]]; then - PROFILE_OPT="--profile $PROFILE" -elif [[ $AWS_ACCESS_KEY_ID && $AWS_SECRET_ACCESS_KEY || $AWS_SESSION_TOKEN || $AWS_PROFILE ]];then - PROFILE="$AWS_PROFILE" - PROFILE_OPT="" -elif [[ -n $AWS_CONTAINER_CREDENTIALS_RELATIVE_URI ]] && [[ -z $INSTANCE_PROFILE ]]; then - PROFILE="INSTANCE-PROFILE" - AWS_ACCESS_KEY_ID=$(curl -s 169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI | grep AccessKeyId | cut -d':' -f2 | sed 's/[^0-9A-Z]*//g') - AWS_SECRET_ACCESS_KEY_ID=$(curl -s 169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI | grep SecretAccessKey | cut -d':' -f2 | sed 's/[^0-9A-Za-z/+=]*//g') - AWS_SESSION_TOKEN=$(curl -s 169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI grep Token| cut -d':' -f2 | sed 's/[^0-9A-Za-z/+=]*//g') -elif [[ $AWS_WEB_IDENTITY_TOKEN_FILE ]]; then - PROFILE="" - PROFILE_OPT="" -elif [[ $INSTANCE_PROFILE ]]; then - PROFILE="INSTANCE-PROFILE" - AWS_ACCESS_KEY_ID=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/${INSTANCE_PROFILE} | grep AccessKeyId | cut -d':' -f2 | sed 's/[^0-9A-Z]*//g') - AWS_SECRET_ACCESS_KEY_ID=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/${INSTANCE_PROFILE} | grep SecretAccessKey | cut -d':' -f2 | sed 's/[^0-9A-Za-z/+=]*//g') - AWS_SESSION_TOKEN=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/${INSTANCE_PROFILE} grep Token| cut -d':' -f2 | sed 's/[^0-9A-Za-z/+=]*//g') -elif [[ $AWS_EXECUTION_ENV == "CloudShell" ]]; then - PROFILE_OPT="" -else - PROFILE="default" - PROFILE_OPT="--profile $PROFILE" -fi -# Backing up $PROFILE_OPT needed to renew assume_role -PROFILE_OPT_BAK=$PROFILE_OPT -# Set default region by aws config, fall back to us-east-1 -REGION_CONFIG=$(aws configure get region) -if [[ $REGION_OPT ]]; then - REGION="$REGION_OPT" -elif [[ $REGION_CONFIG ]]; then - REGION="$REGION_CONFIG" -else - REGION="us-east-1" -fi diff --git a/providers_old/aws/common/awscli_detector b/providers_old/aws/common/awscli_detector deleted file mode 100644 index 6a1fd6b1..00000000 --- a/providers_old/aws/common/awscli_detector +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/bin/env bash - -# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy -# of the License at http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed -# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR -# CONDITIONS OF ANY KIND, either express or implied. See the License for the -# specific language governing permissions and limitations under the License. - -# AWS-CLI detector variable -if [ ! -z $(which aws) ]; then - AWSCLI=$(which aws) -elif [ ! -z $(type -p aws) ]; then - AWSCLI=$(type -p aws) -else - echo -e "\n$RED ERROR!$NORMAL AWS-CLI (aws command) not found. Make sure it is installed correctly and in your \$PATH\n" - EXITCODE=1 - exit $EXITCODE -fi diff --git a/providers_old/aws/common/check3x b/providers_old/aws/common/check3x deleted file mode 100644 index 1f6ac4a6..00000000 --- a/providers_old/aws/common/check3x +++ /dev/null @@ -1,98 +0,0 @@ -#!/usr/bin/env bash - -# Prowler - the handy cloud security tool (c) by Toni de la Fuente -# -# This Prowler check is licensed under a -# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. -# -# You should have received a copy of the license along with this -# work. If not, see . - -check3x(){ - grep_filter=$1 - local CHECK_OK - local CHECK_WARN - local CHECK_CROSS_ACCOUNT_WARN - - # In order to make all these checks work properly logs and alarms have to - # be based only on CloudTrail tail with CloudWatchLog configuration. - DESCRIBE_TRAILS_CACHE=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region "$REGION" --query 'trailList[?CloudWatchLogsLogGroupArn != `null`]' 2>&1) - if [[ $(echo "$DESCRIBE_TRAILS_CACHE" | grep AccessDenied) ]]; then - textInfo "$REGION: Access Denied trying to describe trails in $REGION" "$REGION" - return - fi - - TRAIL_LIST=$(echo $DESCRIBE_TRAILS_CACHE | jq -r -c '.[] |@base64') # this treats each array element as its own line - CURRENT_ACCOUNT_ID=$($AWSCLI sts $PROFILE_OPT get-caller-identity --region "$REGION" --query Account --output text) - CLOUDWATCH_LOGGROUP=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region "$REGION" --query 'trailList[*].CloudWatchLogsLogGroupArn' --output text| tr '\011' '\012' | awk -F: '{print $7}') - - if [[ $CLOUDWATCH_LOGGROUP != "" ]]; then - pass_count=0 - for group_obj_enc in $TRAIL_LIST; do - - group_obj_raw=$(echo $group_obj_enc | decode_report) - - CLOUDWATCH_LOGGROUP_NAME=$(echo $group_obj_raw | jq -r '.CloudWatchLogsLogGroupArn|split(":")[6]') - CLOUDWATCH_LOGGROUP_REGION=$(echo $group_obj_raw | jq -r '.CloudWatchLogsLogGroupArn|split(":")[3]') - CLOUDWATCH_LOGGROUP_ACCOUNT=$(echo $group_obj_raw | jq -r '.CloudWatchLogsLogGroupArn|split(":")[4]') - - if [ "$CLOUDWATCH_LOGGROUP_ACCOUNT" == "$CURRENT_ACCOUNT_ID" ];then - # Filter control and whitespace from .metricFilters[*].filterPattern for easier matching later - METRICFILTER_CACHE=$($AWSCLI logs describe-metric-filters --log-group-name "$CLOUDWATCH_LOGGROUP_NAME" $PROFILE_OPT --region "$CLOUDWATCH_LOGGROUP_REGION"|jq '.metricFilters|=map(.filterPattern|=gsub("[[:space:]]+"; " "))') - METRICFILTER_SET=$(echo "${METRICFILTER_CACHE}" | jq -r --arg re "${grep_filter}" '.metricFilters[]|select(.filterPattern|test($re))|.filterName|@base64') - fi - if [[ $METRICFILTER_SET ]];then - for metric in $METRICFILTER_SET; do - metric_decode=$(base64 -d <<< "${metric}") - metric_name=$(echo "${METRICFILTER_CACHE}" | jq -r --arg name "${metric_decode}" '.metricFilters[]|select(.filterName==$name)|.metricTransformations[0].metricName') - HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region "$CLOUDWATCH_LOGGROUP_REGION" --query 'MetricAlarms[?MetricName==`'"$metric_name"'`]' --output text) - if [[ $HAS_ALARM_ASSOCIATED ]];then - CHECK_OK="$CHECK_OK $CLOUDWATCH_LOGGROUP_NAME:$metric" - pass_count=$((pass_count + 1)) - else - CHECK_WARN="$CHECK_WARN $CLOUDWATCH_LOGGROUP_NAME:$metric" - fi - done - elif [ "$CLOUDWATCH_LOGGROUP_ACCOUNT" == "$CURRENT_ACCOUNT_ID" ];then - CHECK_WARN="$CHECK_WARN $CLOUDWATCH_LOGGROUP_NAME" - else - CHECK_CROSS_ACCOUNT_WARN="$CHECK_CROSS_ACCOUNT_WARN $CLOUDWATCH_LOGGROUP_NAME" - fi - done - - if [[ $CHECK_OK ]]; then - for group in $CHECK_OK; do - metric=$(base64 -d <<< "${group#*:}") - group=${group%:*} - textPass "$REGION: CloudWatch group $group found with metric filter $metric and alarms set" "$REGION" "$group" - done - fi - if [[ $CHECK_WARN ]]; then - for group in $CHECK_WARN; do - case $group in - *:*) metric=$(base64 -d <<< "${group#*:}") - group=${group%:*} - if [[ $pass_count == 0 ]]; then - textFail "$REGION: CloudWatch group $group found with metric filter $metric but no alarms associated" "$REGION" "$group" - else - textInfo "$REGION: CloudWatch group $group found with metric filter $metric but no alarms associated" "$REGION" "$group" - fi - ;; - *) if [[ $pass_count == 0 ]]; then - textFail "$REGION: CloudWatch group $group found but no metric filters or alarms associated" "$REGION" "$group" - else - textInfo "$REGION: CloudWatch group $group found but no metric filters or alarms associated" "$REGION" "$group" - fi - ;; - esac - done - fi - if [[ $CHECK_CROSS_ACCOUNT_WARN ]]; then - for group in $CHECK_CROSS_ACCOUNT_WARN; do - textInfo "$REGION: CloudWatch group $group is not in this account" "$REGION" "$group" - done - fi - else - textFail "$REGION: No CloudWatch group found for CloudTrail events" "$REGION" - fi -} diff --git a/providers_old/aws/common/credentials_report b/providers_old/aws/common/credentials_report deleted file mode 100644 index 51f145f9..00000000 --- a/providers_old/aws/common/credentials_report +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/env bash - -# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy -# of the License at http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed -# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR -# CONDITIONS OF ANY KIND, either express or implied. See the License for the -# specific language governing permissions and limitations under the License. - -# Generate Credential Report -genCredReport() { - textTitle "" "Generating AWS IAM Credential Report..." - for i in $(seq 1 60); do - GENERATECREDENTIALREPORTOUTPUT=$($AWSCLI iam generate-credential-report --output text --query 'State' $PROFILE_OPT --region $REGION 2>&1) - if [[ $(echo "$GENERATECREDENTIALREPORTOUTPUT" | grep AccessDenied) ]]; then - textFail "Access Denied trying to generate credential report" - exit 1 - fi - if [[ "$GENERATECREDENTIALREPORTOUTPUT" == "COMPLETE" ]]; then - return - fi - sleep 1 - done - textFail "Generate credential report unsuccessful" - exit 1 -} - -# Save report to a file, decode it, deletion at finish and after every single check -saveReport(){ - $AWSCLI iam get-credential-report --query 'Content' --output text $PROFILE_OPT --region $REGION | decode_report > $TEMP_REPORT_FILE - if [[ $KEEPCREDREPORT -eq 1 ]]; then - textTitle "0.2" "Saving IAM Credential Report ..." "NOT_SCORED" "SUPPORT" - textInfo "IAM Credential Report saved in $TEMP_REPORT_FILE" - fi -} - -# Delete temporary report file -cleanTemp(){ - if [[ $KEEPCREDREPORT -ne 1 ]]; then - rm -fr $TEMP_REPORT_FILE - fi - cleanSTSAssumeFile -} - -# Delete the temporary report file if we get interrupted/terminated -trap cleanTemp EXIT diff --git a/providers_old/aws/common/organizations_metadata b/providers_old/aws/common/organizations_metadata deleted file mode 100644 index 6faff87f..00000000 --- a/providers_old/aws/common/organizations_metadata +++ /dev/null @@ -1,41 +0,0 @@ -#!/usr/bin/env bash - -# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy -# of the License at http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed -# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR -# CONDITIONS OF ANY KIND, either express or implied. See the License for the -# specific language governing permissions and limitations under the License. - -# Gets account details with a given ACCOUNT_ID. -# Prowler requires organizations:ListAccounts* and organizations:ListTagsForResource -# in the management account in order to get that data. SecurityAudit managed policy includes them. - -# Account Tags are in json format with comma, however they are converted to Base64 -# in order to avoid breaking the CSV or JSON. To use them a post-processor is needed. - -get_orgs_account_details(){ - echo " Prowler is getting details from the AWS Organizations Management Account: ${MANAGEMENT_ACCOUNT_ID}..." - # Assume role to recover AWS Organizations metadata - assume_role - - # The following code requires organizations:ListTagsForResource - ACCOUNTS_DETAILS=$($AWSCLI $PROFILE_OPT --region "${REGION}" organizations list-accounts --output json 2>&1) - if ! grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${ACCOUNTS_DETAILS}" - then - # Prowler gets only ACTIVE accounts details - ACCOUNT_DETAILS_EMAIL=$(jq -r --arg ACCOUNT_ID "${ACCOUNT_NUM}" '.Accounts[] | select(.Status == "ACTIVE") | select(.Id == $ACCOUNT_ID) | "\(.Email)"' <<< "${ACCOUNTS_DETAILS}") - ACCOUNT_DETAILS_NAME=$(jq -r --arg ACCOUNT_ID "${ACCOUNT_NUM}" '.Accounts[] | select(.Status == "ACTIVE") | select(.Id == $ACCOUNT_ID) | "\(.Name)"' <<< "${ACCOUNTS_DETAILS}") - ACCOUNT_DETAILS_ARN=$(jq -r --arg ACCOUNT_ID "${ACCOUNT_NUM}" '.Accounts[] | select(.Status == "ACTIVE") | select(.Id == $ACCOUNT_ID) | "\(.Arn)"' <<< "${ACCOUNTS_DETAILS}") - ACCOUNT_DETAILS_ORG=$(jq -r --arg ACCOUNT_ID "${ACCOUNT_NUM}" '.Accounts[] | select(.Status == "ACTIVE") | select(.Id == $ACCOUNT_ID) | "\(.Arn)"' <<< "${ACCOUNTS_DETAILS}" | awk -F/ '{ print $2 }') - ACCOUNT_DETAILS_TAGS=$($AWSCLI $PROFILE_OPT --region "${REGION}" organizations list-tags-for-resource --resource-id "${MANAGEMENT_ACCOUNT_ID}" --output json | jq -c '. | @base64' 2>&1) - else - # textFail "${regx}: Access Denied trying to list AWS Organization accounts. Prowler requires organizations:List*" "$regx" - textInfo "Access Denied trying to list AWS Organization accounts. Prowler requires organizations:List*" - exit 1 - fi -} diff --git a/providers_old/aws/common/outputs_bucket b/providers_old/aws/common/outputs_bucket deleted file mode 100644 index 5120927c..00000000 --- a/providers_old/aws/common/outputs_bucket +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/env bash - -# Prowler - the handy cloud security tool (copyright 2021) by Toni de la Fuente -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy -# of the License at http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed -# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR -# CONDITIONS OF ANY KIND, either express or implied. See the License for the -# specific language governing permissions and limitations under the License. - -if [[ $OUTPUT_BUCKET ]]; then - # output mode has to be set to other than text - if [[ "${MODES[*]}" =~ "text" ]]; then - echo "$OPTRED ERROR!$OPTNORMAL - Mode (-M) can't be text when using custom output bucket. Use -h for help." - exit 1 - else - # need to make sure last / is not set to avoid // in S3 - if [[ $OUTPUT_BUCKET == *"/" ]]; then - OUTPUT_BUCKET=${OUTPUT_BUCKET::-1} - fi - fi -fi - -copyToS3() { - # Prowler will copy each format to its own folder in S3, that is for better handling - # and processing by Quicksight or others. - # Also, check if -F was introduced - if [ -n "${OUTPUT_FILE_NAME+x}" ]; then - OUTPUT_PATH="${OUTPUT_FILE_NAME}" - else - OUTPUT_PATH="$OUTPUT_DIR/prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}" - fi - - for output_format in "${MODES[@]}"; - do - case ${output_format} in - csv) - s3cp "${OUTPUT_PATH}" "${EXTENSION_CSV}" - ;; - html) - s3cp "${OUTPUT_PATH}" "${EXTENSION_HTML}" - ;; - json) - s3cp "${OUTPUT_PATH}" "${EXTENSION_JSON}" - ;; - json-asff) - s3cp "${OUTPUT_PATH}" "${EXTENSION_ASFF}" - ;; - *) - echo "$OPTRED ERROR!$OPTNORMAL - Invalid output format copying to S3. Use -h for help." - exit 1 - ;; - esac - done -} - -s3cp(){ - OUTPUT_PATH="${1}" - EXTENSION="${2}" - "${AWSCLI}" ${PROFILE_OPT} s3 cp "${OUTPUT_PATH}.${EXTENSION}" s3://"${OUTPUT_BUCKET}"/${EXTENSION}/ --acl bucket-owner-full-control -} diff --git a/providers_old/aws/common/securityhub_integration b/providers_old/aws/common/securityhub_integration deleted file mode 100644 index 184c7035..00000000 --- a/providers_old/aws/common/securityhub_integration +++ /dev/null @@ -1,103 +0,0 @@ -#!/usr/bin/env bash - -# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy -# of the License at http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed -# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR -# CONDITIONS OF ANY KIND, either express or implied. See the License for the -# specific language governing permissions and limitations under the License. - -# Checks that the correct mode (json-asff) has been specified if wanting to send check output to AWS Security Hub -# and that Security Hub is enabled in the chosen region -checkSecurityHubCompatibility(){ - - local regx - if [[ "${MODE}" != "json-asff" ]]; then - echo -e "\n$RED ERROR!$NORMAL Output can only be sent to Security Hub when the output mode is json-asff, i.e. -M json-asff -S\n" - EXITCODE=1 - exit $EXITCODE - fi - for regx in $REGIONS; do - SECURITY_HUB_ENABLED=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT describe-hub 2>/dev/null) - if [[ -z "${SECURITY_HUB_ENABLED}" ]]; then - if [[ -z "${PROWLER_PRODUCT_SUBSCRIPTION_ENABLED}" ]]; then - echo -e "\n$RED ERROR!$NORMAL Security Hub is not enabled in $regx. Enable it running '$AWSCLI securityhub --region $regx $PROFILE_OPT enable-security-hub'. More info: https://github.com/prowler-cloud/prowler/#security-hub-integration\n" - EXITCODE=1 - exit $EXITCODE - fi - else - PROWLER_PRODUCT_SUBSCRIPTION_ENABLED=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT list-enabled-products-for-import --output text | grep "prowler/prowler" ) - if [[ -z "${PROWLER_PRODUCT_SUBSCRIPTION_ENABLED}" ]]; then - echo -e "\n$RED ERROR!$NORMAL Security Hub is enabled in $regx but Prowler integration does not accept findings. Enable it running '$AWSCLI securityhub --region $regx $PROFILE_OPT enable-import-findings-for-product --product-arn arn:aws:securityhub:$regx::product/prowler/prowler'. More info: https://github.com/prowler-cloud/prowler/#security-hub-integration\n" - EXITCODE=1 - exit $EXITCODE - fi - fi - done -} - -resolveSecurityHubPreviousFails(){ - # Move previous check findings RecordState to ARCHIVED (as prowler didn't re-detect them) - SH_TEMP_FOLDER="$PROWLER_DIR/SH-$ACCOUNT_NUM" - if [[ ! -d $SH_TEMP_FOLDER ]]; then - # this folder is deleted once the security hub update is completed - mkdir "$SH_TEMP_FOLDER" - fi - for regx in $REGIONS; do - REGION_FOLDER="$SH_TEMP_FOLDER/$regx" - if [[ ! -d $REGION_FOLDER ]]; then - mkdir "$REGION_FOLDER" - fi - local check="$1" - NEW_TIMESTAMP=$(get_iso8601_timestamp) - - FILTER="{\"GeneratorId\":[{\"Value\": \"prowler-$check\",\"Comparison\":\"EQUALS\"}],\"RecordState\":[{\"Value\": \"ACTIVE\",\"Comparison\":\"EQUALS\"}],\"AwsAccountId\":[{\"Value\": \"$ACCOUNT_NUM\",\"Comparison\":\"EQUALS\"}]}" - - NEW_FINDING_FILE="$REGION_FOLDER/findings.json" - NEW_FINDING_IDS=$(echo -n "${SECURITYHUB_NEW_FINDINGS_IDS[@]}" | jq -cRs 'split(" ")' > $NEW_FINDING_FILE) - EXISTING_FILE="$REGION_FOLDER/existing.json" - EXISTING_FINDINGS=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT get-findings --filters "${FILTER}" > $EXISTING_FILE) - - SECURITY_HUB_PREVIOUS_FINDINGS=$(for id in $(comm -23 <(jq '[.Findings[].Id] | sort | .[]' $EXISTING_FILE) <(jq '[.[]] | sort | .[]' $NEW_FINDING_FILE)); - do - jq --arg updated_at $NEW_TIMESTAMP '.Findings[] | select(.Id == '"$id"') | .RecordState = "ARCHIVED" | .UpdatedAt = $updated_at ' < $EXISTING_FILE - done | jq -s '.') - - - if [[ $SECURITY_HUB_PREVIOUS_FINDINGS != "[]" ]]; then - FINDINGS_COUNT=$(echo $SECURITY_HUB_PREVIOUS_FINDINGS | jq '. | length') - for i in $(seq 0 50 $FINDINGS_COUNT); - do - BATCH_FINDINGS=$(echo $SECURITY_HUB_PREVIOUS_FINDINGS | jq -c '.['"$i:$i+50"']') - BATCH_FINDINGS_COUNT=$(echo $BATCH_FINDINGS | jq '. | length') - if [ "$BATCH_FINDINGS_COUNT" -gt 0 ]; then - BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT batch-import-findings --findings "${BATCH_FINDINGS}") - if [[ -z "${BATCH_IMPORT_RESULT}" ]] || jq -e '.FailedCount >= 1' <<< "${BATCH_IMPORT_RESULT}" > /dev/null 2>&1; then - echo -e "\n$RED ERROR!$NORMAL Failed to send check output to AWS Security Hub\n" - fi - fi - done - fi - done - rm -rf "$SH_TEMP_FOLDER" -} - -sendToSecurityHub(){ - - local findings="$1" - local region="$2" - - local finding_id=$(echo ${findings} | jq -r .Id ) - SECURITYHUB_NEW_FINDINGS_IDS+=( "$finding_id" ) - BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region "$region" $PROFILE_OPT batch-import-findings --findings "${findings}") - - # Check for success if imported - if [[ -z "${BATCH_IMPORT_RESULT}" ]] || ! jq -e '.SuccessCount == 1' <<< "${BATCH_IMPORT_RESULT}" > /dev/null 2>&1; then - echo -e "\n$RED ERROR!$NORMAL Failed to send check output to AWS Security Hub\n" - fi - -}