From 707584b2ef95e48e41298a37615dfce5ad374afe Mon Sep 17 00:00:00 2001 From: Sebastian Nyberg <23510320+senyberg@users.noreply.github.com> Date: Tue, 13 Jun 2023 18:18:10 +0300 Subject: [PATCH] feat(aws): Add MFA flag if try to assume role in AWS (#2478) Co-authored-by: Pepe Fagoaga Co-authored-by: Sergio Garcia --- docs/getting-started/requirements.md | 7 ++ docs/tutorials/aws/authentication.md | 31 ++++++ docs/tutorials/aws/role-assumption.md | 9 +- mkdocs.yml | 1 + prowler/lib/cli/parser.py | 5 + prowler/providers/aws/aws_provider.py | 77 +++++++++++---- .../aws/lib/audit_info/audit_info.py | 2 + .../providers/aws/lib/audit_info/models.py | 2 + prowler/providers/common/audit_info.py | 11 +++ tests/lib/check/check_test.py | 1 + tests/lib/cli/parser_test.py | 6 ++ tests/lib/outputs/outputs_test.py | 6 ++ tests/lib/outputs/slack_test.py | 1 + tests/providers/aws/aws_provider_test.py | 96 ++++++++++++++++++- .../aws/lib/allowlist/allowlist_test.py | 1 + .../accessanalyzer_service_test.py | 1 + .../aws/services/acm/acm_service_test.py | 1 + .../apigateway_authorizers_enabled_test.py | 1 + ...gateway_client_certificate_enabled_test.py | 1 + .../apigateway_endpoint_public_test.py | 1 + .../apigateway_logging_enabled_test.py | 1 + .../apigateway/apigateway_service_test.py | 1 + .../apigateway_waf_acl_attached_test.py | 1 + ...pigatewayv2_access_logging_enabled_test.py | 1 + .../apigatewayv2_authorizers_enabled_test.py | 1 + .../apigatewayv2/apigatewayv2_service_test.py | 1 + .../appstream/appstream_service_test.py | 1 + ...d_secrets_ec2_launch_configuration_test.py | 1 + .../autoscaling_group_multiple_az_test.py | 1 + .../autoscaling/autoscaling_service_test.py | 1 + ...rations_cloudtrail_logging_enabled_test.py | 1 + .../awslambda/awslambda_service_test.py | 1 + .../services/backup/backup_service_test.py | 1 + .../cloudformation_service_test.py | 1 + .../cloudfront/cloudfront_service_test.py | 1 + ...udtrail_bucket_requires_mfa_delete_test.py | 1 + ...udtrail_cloudwatch_logging_enabled_test.py | 1 + .../cloudtrail_insights_exist_test.py | 1 + .../cloudtrail_kms_encryption_enabled_test.py | 1 + ...dtrail_log_file_validation_enabled_test.py | 1 + ...s_s3_bucket_access_logging_enabled_test.py | 1 + ..._bucket_is_not_publicly_accessible_test.py | 1 + .../cloudtrail_multi_region_enabled_test.py | 1 + ...udtrail_s3_dataevents_read_enabled_test.py | 1 + ...dtrail_s3_dataevents_write_enabled_test.py | 1 + .../cloudtrail/cloudtrail_service_test.py | 1 + ...s_to_network_acls_alarm_configured_test.py | 1 + ..._network_gateways_alarm_configured_test.py | 1 + ...work_route_tables_alarm_configured_test.py | 1 + ...h_changes_to_vpcs_alarm_configured_test.py | 1 + ...tch_cross_account_sharing_disabled_test.py | 1 + ...h_log_group_kms_encryption_enabled_test.py | 1 + ...watch_log_group_no_secrets_in_logs_test.py | 1 + ...ntion_policy_specific_days_enabled_test.py | 1 + ...nfig_configuration_changes_enabled_test.py | 1 + ...rail_configuration_changes_enabled_test.py | 1 + ...ric_filter_authentication_failures_test.py | 1 + ...c_filter_aws_organizations_changes_test.py | 1 + ...e_or_scheduled_deletion_of_kms_cmk_test.py | 1 + ...ilter_for_s3_bucket_policy_changes_test.py | 1 + ...h_log_metric_filter_policy_changes_test.py | 1 + ...watch_log_metric_filter_root_usage_test.py | 1 + ...tric_filter_security_group_changes_test.py | 1 + ..._metric_filter_sign_in_without_mfa_test.py | 1 + ...tric_filter_unauthorized_api_calls_test.py | 1 + .../cloudwatch/cloudwatch_service_test.py | 1 + .../codeartifact/codeartifact_service_test.py | 1 + .../codebuild/codebuild_service_test.py | 1 + ...onfig_recorder_all_regions_enabled_test.py | 1 + .../services/config/config_service_test.py | 1 + .../directoryservice_service_test.py | 1 + .../aws/services/drs/drs_service_test.py | 1 + ...lerator_cluster_encryption_enabled_test.py | 1 + .../dynamodb/dynamodb_service_test.py | 1 + ..._tables_kms_cmk_encryption_enabled_test.py | 1 + .../dynamodb_tables_pitr_enabled_test.py | 1 + .../ec2/ec2_ami_public/ec2_ami_public_test.py | 1 + .../ec2_ebs_default_encryption_test.py | 1 + .../ec2_ebs_public_snapshot_test.py | 1 + .../ec2_ebs_snapshots_encrypted_test.py | 1 + .../ec2_ebs_volume_encryption_test.py | 1 + .../ec2_elastic_ip_shodan_test.py | 1 + .../ec2_elastic_ip_unassgined_test.py | 1 + .../ec2_instance_imdsv2_enabled_test.py | 1 + ...ernet_facing_with_instance_profile_test.py | 1 + ..._instance_older_than_specific_days_test.py | 1 + .../ec2_instance_profile_attached_test.py | 1 + .../ec2_instance_public_ip_test.py | 1 + .../ec2_instance_secrets_user_data_test.py | 1 + ..._networkacl_allow_ingress_any_port_test.py | 1 + ...tworkacl_allow_ingress_tcp_port_22_test.py | 1 + ...orkacl_allow_ingress_tcp_port_3389_test.py | 1 + ..._ingress_from_internet_to_any_port_test.py | 1 + ...ternet_to_port_mongodb_27017_27018_test.py | 1 + ...rom_internet_to_tcp_ftp_port_20_21_test.py | 1 + ...gress_from_internet_to_tcp_port_22_test.py | 1 + ...ess_from_internet_to_tcp_port_3389_test.py | 1 + ..._tcp_port_cassandra_7199_9160_8888_test.py | 1 + ...lasticsearch_kibana_9200_9300_5601_test.py | 1 + ...om_internet_to_tcp_port_kafka_9092_test.py | 1 + ...ternet_to_tcp_port_memcached_11211_test.py | 1 + ...om_internet_to_tcp_port_mysql_3306_test.py | 1 + ...ernet_to_tcp_port_oracle_1521_2483_test.py | 1 + ...internet_to_tcp_port_postgres_5432_test.py | 1 + ...om_internet_to_tcp_port_redis_6379_test.py | 1 + ...t_to_tcp_port_sql_server_1433_1434_test.py | 1 + ...rom_internet_to_tcp_port_telnet_23_test.py | 1 + ...ygroup_allow_wide_open_public_ipv4_test.py | 1 + ...ritygroup_default_restrict_traffic_test.py | 1 + ...2_securitygroup_from_launch_wizard_test.py | 1 + .../ec2_securitygroup_not_used_test.py | 1 + ...oup_with_many_ingress_egress_rules_test.py | 1 + .../aws/services/ec2/ec2_service_test.py | 1 + .../aws/services/ecr/ecr_service_test.py | 1 + .../aws/services/ecs/ecs_service_test.py | 1 + .../aws/services/efs/efs_service_test.py | 1 + .../aws/services/eks/eks_service_test.py | 1 + .../elb_insecure_ssl_ciphers_test.py | 1 + .../elb_internet_facing_test.py | 1 + .../elb_logging_enabled_test.py | 1 + .../aws/services/elb/elb_service_test.py | 1 + .../elb_ssl_listeners_test.py | 1 + .../elbv2_deletion_protection_test.py | 1 + .../elbv2_desync_mitigation_mode_test.py | 1 + .../elbv2_insecure_ssl_ciphers_test.py | 1 + .../elbv2_internet_facing_test.py | 1 + .../elbv2_listeners_underneath_test.py | 1 + .../elbv2_logging_enabled_test.py | 1 + .../aws/services/elbv2/elbv2_service_test.py | 1 + .../elbv2_ssl_listeners_test.py | 1 + .../elbv2_waf_acl_attached_test.py | 1 + .../emr_cluster_publicly_accesible_test.py | 1 + .../aws/services/emr/emr_service_test.py | 1 + .../aws/services/fms/fms_service_test.py | 1 + .../services/glacier/glacier_service_test.py | 1 + .../globalaccelerator_service_test.py | 1 + .../aws/services/glue/glue_service_test.py | 1 + .../guardduty/guardduty_service_test.py | 1 + .../iam_administrator_access_with_mfa_test.py | 1 + .../iam_avoid_root_usage_test.py | 1 + ...olicy_no_administrative_privileges_test.py | 1 + .../iam_check_saml_providers_sts_test.py | 1 + ...olicy_no_administrative_privileges_test.py | 1 + ...olicy_no_administrative_privileges_test.py | 1 + .../iam_disable_30_days_credentials_test.py | 1 + .../iam_disable_45_days_credentials_test.py | 1 + .../iam_disable_90_days_credentials_test.py | 1 + ..._policy_permissive_role_assumption_test.py | 1 + ...expired_server_certificates_stored_test.py | 1 + .../iam_no_root_access_key_test.py | 1 + ...s_passwords_within_90_days_or_less_test.py | 1 + .../iam_password_policy_lowercase_test.py | 1 + ..._password_policy_minimum_length_14_test.py | 1 + .../iam_password_policy_number_test.py | 1 + .../iam_password_policy_reuse_24_test.py | 1 + .../iam_password_policy_symbol_test.py | 1 + .../iam_password_policy_uppercase_test.py | 1 + ...policy_allows_privilege_escalation_test.py | 1 + ...cy_attached_only_to_group_or_roles_test.py | 1 + ...olicy_no_full_access_to_cloudtrail_test.py | 1 + .../iam_policy_no_full_access_to_kms_test.py | 1 + ...ross_account_readonlyaccess_policy_test.py | 1 + ...service_confused_deputy_prevention_test.py | 1 + .../iam_root_hardware_mfa_enabled_test.py | 1 + .../iam_root_mfa_enabled_test.py | 1 + .../iam_rotate_access_key_90_days_test.py | 1 + .../iam_securityaudit_role_created_test.py | 1 + .../aws/services/iam/iam_service_test.py | 1 + .../iam_support_role_created_test.py | 1 + .../iam_user_hardware_mfa_enabled_test.py | 1 + ...am_user_mfa_enabled_console_access_test.py | 1 + ...m_user_no_setup_initial_access_key_test.py | 1 + .../iam_user_two_active_access_key_test.py | 1 + .../inspector2/inspector2_service_test.py | 1 + .../kms_cmk_are_used/kms_cmk_are_used_test.py | 1 + .../kms_cmk_rotation_enabled_test.py | 1 + .../kms_key_not_publicly_accessible_test.py | 1 + .../aws/services/kms/kms_service_test.py | 1 + .../aws/services/macie/macie_service_test.py | 1 + .../networkfirewall_in_all_vpc_test.py | 1 + .../networkfirewall_service_test.py | 1 + .../opensearch/opensearch_service_test.py | 1 + ...ions_account_part_of_organizations_test.py | 1 + ...nizations_delegated_administrators_test.py | 1 + ...ganizations_scp_check_deny_regions_test.py | 1 + .../organizations_service_test.py | 1 + ...tags_policies_enabled_and_attached_test.py | 1 + .../rds_instance_backup_enabled_test.py | 1 + .../rds_instance_deletion_protection_test.py | 1 + ...instance_deprecated_engine_version_test.py | 1 + ...stance_enhanced_monitoring_enabled_test.py | 1 + ...stance_integration_cloudwatch_logs_test.py | 1 + ...ance_minor_version_upgrade_enabled_test.py | 1 + .../rds_instance_multi_az_test.py | 1 + .../rds_instance_no_public_access_test.py | 1 + .../rds_instance_storage_encrypted_test.py | 1 + .../rds_instance_transport_encrypted_test.py | 1 + .../aws/services/rds/rds_service_test.py | 1 + .../rds_snapshots_public_access_test.py | 1 + .../redshift/redshift_service_test.py | 1 + .../resourceexplorer2_indexes_found_test.py | 1 + .../resourceexplorer2_service_test.py | 1 + ...e53_dangling_ip_subdomain_takeover_test.py | 1 + .../services/route53/route53_service_test.py | 1 + .../route53/route53domains_service_test.py | 1 + ...account_level_public_access_blocks_test.py | 1 + .../s3_bucket_acl_prohibited_test.py | 1 + .../s3_bucket_default_encryption_test.py | 1 + ...3_bucket_level_public_access_block_test.py | 1 + .../s3_bucket_no_mfa_delete_test.py | 1 + .../s3_bucket_object_lock_test.py | 1 + .../s3_bucket_object_versioning_test.py | 1 + ..._bucket_policy_public_write_access_test.py | 1 + .../s3_bucket_public_access_test.py | 1 + .../s3_bucket_secure_transport_policy_test.py | 1 + ...cket_server_access_logging_enabled_test.py | 1 + .../aws/services/s3/s3_service_test.py | 1 + .../sagemaker/sagemaker_service_test.py | 1 + .../secretsmanager_service_test.py | 1 + .../securityhub/securityhub_service_test.py | 1 + ...otection_in_associated_elastic_ips_test.py | 1 + ...otection_in_classic_load_balancers_test.py | 1 + ..._in_internet_facing_load_balancers_test.py | 1 + .../services/shield/shield_service_test.py | 1 + .../aws/services/sns/sns_service_test.py | 1 + .../aws/services/sqs/sqs_service_test.py | 1 + .../aws/services/ssm/ssm_service_test.py | 1 + .../ssmincidents/ssmincidents_service_test.py | 1 + .../trustedadvisor_service_test.py | 1 + .../vpc_different_regions_test.py | 1 + ...point_connections_trust_boundaries_test.py | 1 + ...llowed_principals_trust_boundaries_test.py | 1 + .../vpc_flow_logs_enabled_test.py | 1 + ...outing_tables_with_least_privilege_test.py | 1 + .../aws/services/vpc/vpc_service_test.py | 1 + .../vpc_subnet_different_az_test.py | 1 + ...vpc_subnet_no_public_ip_by_default_test.py | 1 + ...vpc_subnet_separate_private_public_test.py | 1 + .../aws/services/waf/waf_service_test.py | 1 + .../aws/services/wafv2/wafv2_service_test.py | 1 + .../wellarchitected_service_test.py | 1 + .../workspaces/workspaces_service_test.py | 1 + ...s_vpc_2private_1public_subnets_nat_test.py | 1 + tests/providers/common/audit_info_test.py | 10 +- tests/providers/common/common_outputs_test.py | 1 + 245 files changed, 470 insertions(+), 25 deletions(-) create mode 100644 docs/tutorials/aws/authentication.md diff --git a/docs/getting-started/requirements.md b/docs/getting-started/requirements.md index 9cafe84f30..c327040b25 100644 --- a/docs/getting-started/requirements.md +++ b/docs/getting-started/requirements.md @@ -30,6 +30,13 @@ Those credentials must be associated to a user or role with proper permissions t > If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json). +### Multi-Factor Authentication + +If your IAM entity enforces MFA you can use `--mfa` and Prowler will ask you to input the following values to get a new session: + +- ARN of your MFA device +- TOTP (Time-Based One-Time Password) + ## Azure Prowler for azure supports the following authentication types: diff --git a/docs/tutorials/aws/authentication.md b/docs/tutorials/aws/authentication.md new file mode 100644 index 0000000000..971d1aa4ea --- /dev/null +++ b/docs/tutorials/aws/authentication.md @@ -0,0 +1,31 @@ +# AWS Authentication + +Make sure you have properly configured your AWS-CLI with a valid Access Key and Region or declare AWS variables properly (or instance profile/role): + +```console +aws configure +``` + +or + +```console +export AWS_ACCESS_KEY_ID="ASXXXXXXX" +export AWS_SECRET_ACCESS_KEY="XXXXXXXXX" +export AWS_SESSION_TOKEN="XXXXXXXXX" +``` + +Those credentials must be associated to a user or role with proper permissions to do all checks. To make sure, add the following AWS managed policies to the user or role being used: + + - arn:aws:iam::aws:policy/SecurityAudit + - arn:aws:iam::aws:policy/job-function/ViewOnlyAccess + + > Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-additions-policy.json) to the role you are using. + + > If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json). + +## Multi-Factor Authentication + +If your IAM entity enforces MFA you can use `--mfa` and Prowler will ask you to input the following values to get a new session: + +- ARN of your MFA device +- TOTP (Time-Based One-Time Password) diff --git a/docs/tutorials/aws/role-assumption.md b/docs/tutorials/aws/role-assumption.md index 7348855ea9..ae302bb533 100644 --- a/docs/tutorials/aws/role-assumption.md +++ b/docs/tutorials/aws/role-assumption.md @@ -5,7 +5,7 @@ Prowler uses the AWS SDK (Boto3) underneath so it uses the same authentication m However, there are few ways to run Prowler against multiple accounts using IAM Assume Role feature depending on each use case: 1. You can just set up your custom profile inside `~/.aws/config` with all needed information about the role to assume then call it with `prowler aws -p/--profile your-custom-profile`. - - An example profile that performs role-chaining is given below. The `credential_source` can either be set to `Environment`, `Ec2InstanceMetadata`, or `EcsContainer`. + - An example profile that performs role-chaining is given below. The `credential_source` can either be set to `Environment`, `Ec2InstanceMetadata`, or `EcsContainer`. - Alternatively, you could use the `source_profile` instead of `credential_source` to specify a separate named profile that contains IAM user credentials with permission to assume the target the role. More information can be found [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html). ``` [profile crossaccountrole] @@ -23,6 +23,13 @@ prowler aws -R arn:aws:iam:::role/ prowler aws -T/--session-duration -I/--external-id -R arn:aws:iam:::role/ ``` +## Role MFA + +If your IAM Role has MFA configured you can use `--mfa` along with `-R`/`--role ` and Prowler will ask you to input the following values to get a new temporary session for the IAM Role provided: +- ARN of your MFA device +- TOTP (Time-Based One-Time Password) + + ## Create Role To create a role to be assumed in one or multiple accounts you can use either as CloudFormation Stack or StackSet the following [template](https://github.com/prowler-cloud/prowler/blob/master/permissions/create_role_to_assume_cfn.yaml) and adapt it. diff --git a/mkdocs.yml b/mkdocs.yml index 289e24c2e5..765e856020 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -40,6 +40,7 @@ nav: - Pentesting: tutorials/pentesting.md - Developer Guide: tutorials/developer-guide.md - AWS: + - Authentication: tutorials/aws/authentication.md - Assume Role: tutorials/aws/role-assumption.md - AWS Security Hub: tutorials/aws/securityhub.md - AWS Organizations: tutorials/aws/organizations.md diff --git a/prowler/lib/cli/parser.py b/prowler/lib/cli/parser.py index 9d7a8225fa..e521f4a717 100644 --- a/prowler/lib/cli/parser.py +++ b/prowler/lib/cli/parser.py @@ -289,6 +289,11 @@ Detailed documentation at https://docs.prowler.cloud help="ARN of the role to be assumed", # Pending ARN validation ) + aws_auth_subparser.add_argument( + "--mfa", + action="store_true", + help="IAM entity enforces MFA so you need to input the MFA ARN and the TOTP", + ) aws_auth_subparser.add_argument( "-T", "--session-duration", diff --git a/prowler/providers/aws/aws_provider.py b/prowler/providers/aws/aws_provider.py index 94a4bb7baf..99b0525dd1 100644 --- a/prowler/providers/aws/aws_provider.py +++ b/prowler/providers/aws/aws_provider.py @@ -2,7 +2,7 @@ import os import pathlib import sys -from boto3 import session +from boto3 import client, session from botocore.credentials import RefreshableCredentials from botocore.session import get_session @@ -25,8 +25,8 @@ class AWS_Provider: def set_session(self, audit_info): try: + # If we receive a credentials object filled is coming form an assumed role, so renewal is needed if audit_info.credentials: - # If we receive a credentials object filled is coming form an assumed role, so renewal is needed logger.info("Creating session for assumed role ...") # From botocore we can use RefreshableCredentials class, which has an attribute (refresh_using) # that needs to be a method without arguments that retrieves a new set of fresh credentials @@ -52,9 +52,37 @@ class AWS_Provider: # If we do not receive credentials start the session using the profile else: logger.info("Creating session for not assumed identity ...") - return session.Session(profile_name=audit_info.profile) + # Input MFA only if a role is not going to be assumed + if audit_info.mfa_enabled and not audit_info.assumed_role_info.role_arn: + mfa_ARN, mfa_TOTP = input_role_mfa_token_and_code() + get_session_token_arguments = { + "SerialNumber": mfa_ARN, + "TokenCode": mfa_TOTP, + } + sts_client = client("sts") + session_credentials = sts_client.get_session_token( + **get_session_token_arguments + ) + return session.Session( + aws_access_key_id=session_credentials["Credentials"][ + "AccessKeyId" + ], + aws_secret_access_key=session_credentials["Credentials"][ + "SecretAccessKey" + ], + aws_session_token=session_credentials["Credentials"][ + "SessionToken" + ], + profile_name=audit_info.profile, + ) + else: + return session.Session( + profile_name=audit_info.profile, + ) except Exception as error: - logger.critical(f"{error.__class__.__name__} -- {error}") + logger.critical( + f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}" + ) sys.exit(1) # Refresh credentials method using assume role @@ -79,31 +107,40 @@ class AWS_Provider: def assume_role(session: session.Session, assumed_role_info: AWS_Assume_Role) -> dict: try: + assume_role_arguments = { + "RoleArn": assumed_role_info.role_arn, + "RoleSessionName": "ProwlerAsessmentSession", + "DurationSeconds": assumed_role_info.session_duration, + } + + if assumed_role_info.external_id: + assume_role_arguments["ExternalId"] = assumed_role_info.external_id + + if assumed_role_info.mfa_enabled: + mfa_ARN, mfa_TOTP = input_role_mfa_token_and_code() + assume_role_arguments["SerialNumber"] = mfa_ARN + assume_role_arguments["TokenCode"] = mfa_TOTP + # set the info to assume the role from the partition, account and role name sts_client = session.client("sts") - # If external id, set it to the assume role api call - if assumed_role_info.external_id: - assumed_credentials = sts_client.assume_role( - RoleArn=assumed_role_info.role_arn, - RoleSessionName="ProwlerAsessmentSession", - DurationSeconds=assumed_role_info.session_duration, - ExternalId=assumed_role_info.external_id, - ) - # else assume the role without the external id - else: - assumed_credentials = sts_client.assume_role( - RoleArn=assumed_role_info.role_arn, - RoleSessionName="ProwlerProAsessmentSession", - DurationSeconds=assumed_role_info.session_duration, - ) + assumed_credentials = sts_client.assume_role(**assume_role_arguments) except Exception as error: - logger.critical(f"{error.__class__.__name__} -- {error}") + logger.critical( + f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}" + ) sys.exit(1) else: return assumed_credentials +def input_role_mfa_token_and_code() -> tuple[str]: + """input_role_mfa_token_and_code ask for the AWS MFA ARN and TOTP and returns it.""" + mfa_ARN = input("Enter ARN of MFA: ") + mfa_TOTP = input("Enter MFA code: ") + return (mfa_ARN.strip(), mfa_TOTP.strip()) + + def generate_regional_clients( service: str, audit_info: AWS_Audit_Info, global_service: bool = False ) -> dict: diff --git a/prowler/providers/aws/lib/audit_info/audit_info.py b/prowler/providers/aws/lib/audit_info/audit_info.py index 665aa43bde..bcb599333e 100644 --- a/prowler/providers/aws/lib/audit_info/audit_info.py +++ b/prowler/providers/aws/lib/audit_info/audit_info.py @@ -29,7 +29,9 @@ current_audit_info = AWS_Audit_Info( role_arn=None, session_duration=None, external_id=None, + mfa_enabled=None, ), + mfa_enabled=None, audit_resources=None, audited_regions=None, organizations_metadata=None, diff --git a/prowler/providers/aws/lib/audit_info/models.py b/prowler/providers/aws/lib/audit_info/models.py index 1b68fecb7c..b04deddb41 100644 --- a/prowler/providers/aws/lib/audit_info/models.py +++ b/prowler/providers/aws/lib/audit_info/models.py @@ -19,6 +19,7 @@ class AWS_Assume_Role: role_arn: str session_duration: int external_id: str + mfa_enabled: bool @dataclass @@ -44,6 +45,7 @@ class AWS_Audit_Info: profile: str profile_region: str credentials: AWS_Credentials + mfa_enabled: bool assumed_role_info: AWS_Assume_Role audited_regions: list audit_resources: list diff --git a/prowler/providers/common/audit_info.py b/prowler/providers/common/audit_info.py index 949fcf8ca6..6f27524006 100644 --- a/prowler/providers/common/audit_info.py +++ b/prowler/providers/common/audit_info.py @@ -77,8 +77,10 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE # Assume Role Options input_role = arguments.get("role") + current_audit_info.assumed_role_info.role_arn = input_role input_session_duration = arguments.get("session_duration") input_external_id = arguments.get("external_id") + # Since the range(i,j) goes from i to j-1 we have to j+1 if input_session_duration and input_session_duration not in range(900, 43201): raise Exception("Value for -T option must be between 900 and 43200") @@ -89,6 +91,10 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE if not input_role: raise Exception("To use -I/-T options -R option is needed") + # MFA Configuration (false by default) + input_mfa = arguments.get("mfa") + current_audit_info.mfa_enabled = input_mfa + input_profile = arguments.get("profile") input_regions = arguments.get("region") organizations_role_arn = arguments.get("organizations_role") @@ -143,6 +149,8 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE current_audit_info.assumed_role_info.session_duration = ( input_session_duration ) + current_audit_info.assumed_role_info.external_id = input_external_id + current_audit_info.assumed_role_info.mfa_enabled = input_mfa # Check if role arn is valid try: @@ -174,6 +182,7 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE input_session_duration ) current_audit_info.assumed_role_info.external_id = input_external_id + current_audit_info.assumed_role_info.mfa_enabled = input_mfa # Check if role arn is valid try: @@ -210,6 +219,7 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE ) # new session is needed assumed_session = aws_provider.set_session(current_audit_info) + if assumed_session: logger.info("Audit session is the new session created assuming role") current_audit_info.audit_session = assumed_session @@ -219,6 +229,7 @@ Azure Identity Type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RE else: logger.info("Audit session is the original one") current_audit_info.audit_session = current_audit_info.original_session + # Setting default region of session if current_audit_info.audit_session.region_name: current_audit_info.profile_region = ( diff --git a/tests/lib/check/check_test.py b/tests/lib/check/check_test.py index 26746ea570..3385f74948 100644 --- a/tests/lib/check/check_test.py +++ b/tests/lib/check/check_test.py @@ -157,6 +157,7 @@ class Test_Check: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/lib/cli/parser_test.py b/tests/lib/cli/parser_test.py index e63f8e96a9..b3f4565972 100644 --- a/tests/lib/cli/parser_test.py +++ b/tests/lib/cli/parser_test.py @@ -677,6 +677,12 @@ class Test_Parser: parsed = self.parser.parse(command) assert parsed.role == role + def test_aws_parser_mfa(self): + argument = "--mfa" + command = [prowler_command, argument] + parsed = self.parser.parse(command) + assert parsed.mfa + def test_aws_parser_session_duration_short(self): argument = "-T" duration = "900" diff --git a/tests/lib/outputs/outputs_test.py b/tests/lib/outputs/outputs_test.py index 6958591031..ce5d3c82f0 100644 --- a/tests/lib/outputs/outputs_test.py +++ b/tests/lib/outputs/outputs_test.py @@ -94,6 +94,7 @@ class Test_Outputs: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) test_output_modes = [ ["csv"], @@ -413,6 +414,7 @@ class Test_Outputs: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) finding = Check_Report( load_check_metadata( @@ -489,6 +491,7 @@ class Test_Outputs: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) # Creat mock bucket bucket_name = "test_bucket" @@ -539,6 +542,7 @@ class Test_Outputs: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) # Creat mock bucket bucket_name = "test_bucket" @@ -596,6 +600,7 @@ class Test_Outputs: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) # Creat mock bucket bucket_name = "test_bucket" @@ -704,6 +709,7 @@ class Test_Outputs: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) finding = Check_Report( load_check_metadata( diff --git a/tests/lib/outputs/slack_test.py b/tests/lib/outputs/slack_test.py index befcafdf53..e176390665 100644 --- a/tests/lib/outputs/slack_test.py +++ b/tests/lib/outputs/slack_test.py @@ -43,6 +43,7 @@ class Test_Slack_Integration: audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) gcp_audit_info = GCP_Audit_Info( credentials=None, diff --git a/tests/providers/aws/aws_provider_test.py b/tests/providers/aws/aws_provider_test.py index 68318557fd..985f800790 100644 --- a/tests/providers/aws/aws_provider_test.py +++ b/tests/providers/aws/aws_provider_test.py @@ -1,5 +1,6 @@ import boto3 import sure # noqa +from mock import patch from moto import mock_iam, mock_sts from prowler.providers.aws.aws_provider import ( @@ -15,13 +16,13 @@ ACCOUNT_ID = 123456789012 class Test_AWS_Provider: @mock_iam @mock_sts - def test_assume_role(self): + def test_assume_role_without_mfa(self): # Variables role_name = "test-role" role_arn = f"arn:aws:iam::{ACCOUNT_ID}:role/{role_name}" session_duration_seconds = 900 audited_regions = "eu-west-1" - sessionName = "ProwlerProAsessmentSession" + sessionName = "ProwlerAsessmentSession" # Boto 3 client to create our user iam_client = boto3.client("iam", region_name="us-east-1") # IAM user @@ -55,10 +56,12 @@ class Test_AWS_Provider: role_arn=role_arn, session_duration=session_duration_seconds, external_id=None, + mfa_enabled=False, ), audited_regions=audited_regions, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) # Call assume_role @@ -92,6 +95,92 @@ class Test_AWS_Provider: 21 + 1 + len(sessionName) ) + @mock_iam + @mock_sts + def test_assume_role_with_mfa(self): + # Variables + role_name = "test-role" + role_arn = f"arn:aws:iam::{ACCOUNT_ID}:role/{role_name}" + session_duration_seconds = 900 + audited_regions = "eu-west-1" + sessionName = "ProwlerAsessmentSession" + # Boto 3 client to create our user + iam_client = boto3.client("iam", region_name="us-east-1") + # IAM user + iam_user = iam_client.create_user(UserName="test-user")["User"] + access_key = iam_client.create_access_key(UserName=iam_user["UserName"])[ + "AccessKey" + ] + access_key_id = access_key["AccessKeyId"] + secret_access_key = access_key["SecretAccessKey"] + # New Boto3 session with the previously create user + session = boto3.session.Session( + aws_access_key_id=access_key_id, + aws_secret_access_key=secret_access_key, + region_name="us-east-1", + ) + + # Fulfil the input session object for Prowler + audit_info = AWS_Audit_Info( + session_config=None, + original_session=session, + audit_session=None, + audited_account=None, + audited_account_arn=None, + audited_partition=None, + audited_identity_arn=None, + audited_user_id=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=AWS_Assume_Role( + role_arn=role_arn, + session_duration=session_duration_seconds, + external_id=None, + mfa_enabled=True, + ), + audited_regions=audited_regions, + organizations_metadata=None, + audit_resources=None, + mfa_enabled=False, + ) + + # Call assume_role + aws_provider = AWS_Provider(audit_info) + # Patch MFA + with patch( + "prowler.providers.aws.aws_provider.input_role_mfa_token_and_code", + return_value=(f"arn:aws:iam::{ACCOUNT_ID}:mfa/test-role-mfa", "111111"), + ): + assume_role_response = assume_role( + aws_provider.aws_session, aws_provider.role_info + ) + # Recover credentials for the assume role operation + credentials = assume_role_response["Credentials"] + # Test the response + # SessionToken + credentials["SessionToken"].should.have.length_of(356) + credentials["SessionToken"].startswith("FQoGZXIvYXdzE") + # AccessKeyId + credentials["AccessKeyId"].should.have.length_of(20) + credentials["AccessKeyId"].startswith("ASIA") + # SecretAccessKey + credentials["SecretAccessKey"].should.have.length_of(40) + # Assumed Role + assume_role_response["AssumedRoleUser"]["Arn"].should.equal( + f"arn:aws:sts::{ACCOUNT_ID}:assumed-role/{role_name}/{sessionName}" + ) + # AssumedRoleUser + assert assume_role_response["AssumedRoleUser"]["AssumedRoleId"].startswith( + "AROA" + ) + assert assume_role_response["AssumedRoleUser"]["AssumedRoleId"].endswith( + ":" + sessionName + ) + assume_role_response["AssumedRoleUser"][ + "AssumedRoleId" + ].should.have.length_of(21 + 1 + len(sessionName)) + def test_generate_regional_clients(self): # New Boto3 session with the previously create user session = boto3.session.Session( @@ -115,6 +204,7 @@ class Test_AWS_Provider: audited_regions=audited_regions, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) generate_regional_clients_response = generate_regional_clients( "ec2", audit_info @@ -146,6 +236,7 @@ class Test_AWS_Provider: audited_regions=audited_regions, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) generate_regional_clients_response = generate_regional_clients( "route53", audit_info, global_service=True @@ -176,6 +267,7 @@ class Test_AWS_Provider: audited_regions=audited_regions, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) generate_regional_clients_response = generate_regional_clients( "shield", audit_info, global_service=True diff --git a/tests/providers/aws/lib/allowlist/allowlist_test.py b/tests/providers/aws/lib/allowlist/allowlist_test.py index 00e440fd58..8355d9b17f 100644 --- a/tests/providers/aws/lib/allowlist/allowlist_test.py +++ b/tests/providers/aws/lib/allowlist/allowlist_test.py @@ -37,6 +37,7 @@ class Test_Allowlist: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py b/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py index 42825b2685..74cd2f6362 100644 --- a/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py +++ b/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py @@ -90,6 +90,7 @@ class Test_AccessAnalyzer_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/acm/acm_service_test.py b/tests/providers/aws/services/acm/acm_service_test.py index c7efdebff2..77df78194f 100644 --- a/tests/providers/aws/services/acm/acm_service_test.py +++ b/tests/providers/aws/services/acm/acm_service_test.py @@ -116,6 +116,7 @@ class Test_ACM_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py index ac9f06210e..fcdd85700d 100644 --- a/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py @@ -31,6 +31,7 @@ class Test_apigateway_authorizers_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py index 49ae52e2e0..b3159a3780 100644 --- a/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py @@ -31,6 +31,7 @@ class Test_apigateway_client_certificate_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py b/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py index 82536ffc74..db87d53d08 100644 --- a/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py @@ -30,6 +30,7 @@ class Test_apigateway_endpoint_public: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py index a7d919fb8d..bcf99a6c4c 100644 --- a/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py @@ -30,6 +30,7 @@ class Test_apigateway_logging_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigateway/apigateway_service_test.py b/tests/providers/aws/services/apigateway/apigateway_service_test.py index 442aa9dde8..3f1440b90a 100644 --- a/tests/providers/aws/services/apigateway/apigateway_service_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_service_test.py @@ -30,6 +30,7 @@ class Test_APIGateway_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py b/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py index 2dc6989332..22863a4e44 100644 --- a/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py @@ -30,6 +30,7 @@ class Test_apigateway_waf_acl_attached: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py index 7dd46d2fc9..de9c5d01b3 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py @@ -59,6 +59,7 @@ class Test_apigatewayv2_access_logging_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py index 113f393030..ccd6a2105f 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py @@ -59,6 +59,7 @@ class Test_apigatewayv2_authorizers_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py index 072d8173a5..3d62c736c0 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py @@ -61,6 +61,7 @@ class Test_ApiGatewayV2_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/appstream/appstream_service_test.py b/tests/providers/aws/services/appstream/appstream_service_test.py index 3a3c139747..d7945c2337 100644 --- a/tests/providers/aws/services/appstream/appstream_service_test.py +++ b/tests/providers/aws/services/appstream/appstream_service_test.py @@ -83,6 +83,7 @@ class Test_AppStream_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py b/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py index 5c3a939b9c..a8d0990644 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py +++ b/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py @@ -30,6 +30,7 @@ class Test_autoscaling_find_secrets_ec2_launch_configuration: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py b/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py index a08e901e31..067515c480 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py +++ b/tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py @@ -30,6 +30,7 @@ class Test_autoscaling_group_multiple_az: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/autoscaling/autoscaling_service_test.py b/tests/providers/aws/services/autoscaling/autoscaling_service_test.py index b585e1cb33..b175d29460 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_service_test.py +++ b/tests/providers/aws/services/autoscaling/autoscaling_service_test.py @@ -32,6 +32,7 @@ class Test_AutoScaling_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py b/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py index a16f10d18a..c48ec6713c 100644 --- a/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py +++ b/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py @@ -45,6 +45,7 @@ class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/awslambda/awslambda_service_test.py b/tests/providers/aws/services/awslambda/awslambda_service_test.py index b8cbc7b184..78471528eb 100644 --- a/tests/providers/aws/services/awslambda/awslambda_service_test.py +++ b/tests/providers/aws/services/awslambda/awslambda_service_test.py @@ -87,6 +87,7 @@ class Test_Lambda_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, audit_metadata=Audit_Metadata( services_scanned=0, # We need to set this check to call __list_functions__ diff --git a/tests/providers/aws/services/backup/backup_service_test.py b/tests/providers/aws/services/backup/backup_service_test.py index 9b9d8dc54e..e4b5449de0 100644 --- a/tests/providers/aws/services/backup/backup_service_test.py +++ b/tests/providers/aws/services/backup/backup_service_test.py @@ -93,6 +93,7 @@ class Test_Backup_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudformation/cloudformation_service_test.py b/tests/providers/aws/services/cloudformation/cloudformation_service_test.py index 04279d3370..5ecf01021a 100644 --- a/tests/providers/aws/services/cloudformation/cloudformation_service_test.py +++ b/tests/providers/aws/services/cloudformation/cloudformation_service_test.py @@ -154,6 +154,7 @@ class Test_CloudFormation_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudfront/cloudfront_service_test.py b/tests/providers/aws/services/cloudfront/cloudfront_service_test.py index 53828408f2..b4c6b62114 100644 --- a/tests/providers/aws/services/cloudfront/cloudfront_service_test.py +++ b/tests/providers/aws/services/cloudfront/cloudfront_service_test.py @@ -175,6 +175,7 @@ class Test_CloudFront_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py index 72ee7922b4..4ba123ec9d 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py @@ -36,6 +36,7 @@ class Test_cloudtrail_bucket_requires_mfa_delete: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py index f1f2bfbf28..4c734bea6b 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py @@ -31,6 +31,7 @@ class Test_cloudtrail_cloudwatch_logging_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py index 2d52893425..abcd7e34f3 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_insights_exist: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py index 50fc6f57c6..0c125ac7d1 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_kms_encryption_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py index 221188a575..5315f014a7 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_log_file_validation_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py index 1578421893..6ba9fe711b 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_logs_s3_bucket_access_logging_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py index 75a3c66c78..58acee273f 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_logs_s3_bucket_is_not_publicly_accessible: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py index 088a798ab3..b8db5722e4 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py @@ -31,6 +31,7 @@ class Test_cloudtrail_multi_region_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py index 2ce72f24a1..d505453b13 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_s3_dataevents_read_enabled: audited_regions=["us-east-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py index 4d1c31d1d4..2275e09a86 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudtrail_s3_dataevents_write_enabled: audited_regions=["us-east-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py index c3adb01c88..eca7ce61c6 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py @@ -29,6 +29,7 @@ class Test_Cloudtrail_Service: audited_regions=["eu-west-1", "us-east-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py index e688633a77..0d4413736d 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py index b7abe6e207..d8374c026a 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py index 1c00c5f645..932f85206e 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py index e99aad8b68..ba61bfd94d 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py index 669b92b406..f78528d41d 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py @@ -30,6 +30,7 @@ class Test_cloudwatch_cross_account_sharing_disabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py index 60991461bd..4bf45aee3b 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudwatch_log_group_kms_encryption_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py index 88f218a1eb..6ee58934f1 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py @@ -32,6 +32,7 @@ class Test_cloudwatch_log_group_no_secrets_in_logs: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py index 833c8ee77d..77ecae1494 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py @@ -30,6 +30,7 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py index e5660c8787..204bcaa47c 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_c audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py index cd8f44ba96..5d823684d3 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_c audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py index 0fc548c107..2e141cb383 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_authentication_failures: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py index 2458d56eb3..16f99d2271 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py index 9bd2a8944a..5465dbea52 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py index 36a616b74a..57401bf10d 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_for_s3_bucket_policy_changes: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py index 28bc448e8c..f65e663e1b 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py index 65cd8820ca..2c32ff619c 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_root_usage: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py index 764e5271a8..53751b984d 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py index 844dfd1b89..ec2b8217d8 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_sign_in_without_mfa: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py index b5d0fae394..4f7cb652e8 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py @@ -31,6 +31,7 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py index 33690eabca..43e8999cc1 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py @@ -34,6 +34,7 @@ class Test_CloudWatch_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, audit_metadata=Audit_Metadata( services_scanned=0, # We need to set this check to call __describe_log_groups__ diff --git a/tests/providers/aws/services/codeartifact/codeartifact_service_test.py b/tests/providers/aws/services/codeartifact/codeartifact_service_test.py index 434fc254eb..6ad3f3ea61 100644 --- a/tests/providers/aws/services/codeartifact/codeartifact_service_test.py +++ b/tests/providers/aws/services/codeartifact/codeartifact_service_test.py @@ -123,6 +123,7 @@ class Test_CodeArtifact_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/codebuild/codebuild_service_test.py b/tests/providers/aws/services/codebuild/codebuild_service_test.py index bc71422b0d..1afad5aef0 100644 --- a/tests/providers/aws/services/codebuild/codebuild_service_test.py +++ b/tests/providers/aws/services/codebuild/codebuild_service_test.py @@ -72,6 +72,7 @@ class Test_Codebuild_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py b/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py index 44f68436ed..eacc3dd3ae 100644 --- a/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py +++ b/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py @@ -30,6 +30,7 @@ class Test_config_recorder_all_regions_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/config/config_service_test.py b/tests/providers/aws/services/config/config_service_test.py index 4beeab168c..612cd08448 100644 --- a/tests/providers/aws/services/config/config_service_test.py +++ b/tests/providers/aws/services/config/config_service_test.py @@ -30,6 +30,7 @@ class Test_Config_Service: audited_regions=["eu-west-1", "us-east-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/directoryservice/directoryservice_service_test.py b/tests/providers/aws/services/directoryservice/directoryservice_service_test.py index 7f26ec87bc..fbaec5feba 100644 --- a/tests/providers/aws/services/directoryservice/directoryservice_service_test.py +++ b/tests/providers/aws/services/directoryservice/directoryservice_service_test.py @@ -138,6 +138,7 @@ class Test_DirectoryService_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/drs/drs_service_test.py b/tests/providers/aws/services/drs/drs_service_test.py index ea1f10f5a3..5cd573ed72 100644 --- a/tests/providers/aws/services/drs/drs_service_test.py +++ b/tests/providers/aws/services/drs/drs_service_test.py @@ -76,6 +76,7 @@ class Test_DRS_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py b/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py index acda5062ec..476059d651 100644 --- a/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py +++ b/tests/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled_test.py @@ -31,6 +31,7 @@ class Test_dynamodb_accelerator_cluster_encryption_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/dynamodb/dynamodb_service_test.py b/tests/providers/aws/services/dynamodb/dynamodb_service_test.py index 8cd6d3cc3c..6ceb6e6ebd 100644 --- a/tests/providers/aws/services/dynamodb/dynamodb_service_test.py +++ b/tests/providers/aws/services/dynamodb/dynamodb_service_test.py @@ -30,6 +30,7 @@ class Test_DynamoDB_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py b/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py index fe4ae0f8fe..3700454d5d 100644 --- a/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py +++ b/tests/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled_test.py @@ -31,6 +31,7 @@ class Test_dynamodb_tables_kms_cmk_encryption_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py b/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py index 8527af7aa5..220b0e69ec 100644 --- a/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py +++ b/tests/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled_test.py @@ -31,6 +31,7 @@ class Test_dynamodb_tables_pitr_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py b/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py index a6d52f0f72..d780f7b1c7 100644 --- a/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py +++ b/tests/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public_test.py @@ -31,6 +31,7 @@ class Test_ec2_ami_public: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py b/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py index fdca3fa79f..95b9597824 100644 --- a/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py +++ b/tests/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_test.py @@ -32,6 +32,7 @@ class Test_ec2_ebs_default_encryption: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py b/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py index f389aad0e5..e49c78eed5 100644 --- a/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py +++ b/tests/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_test.py @@ -41,6 +41,7 @@ class Test_ec2_ebs_public_snapshot: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py b/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py index 84cb6956f4..082321378a 100644 --- a/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py +++ b/tests/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted_test.py @@ -41,6 +41,7 @@ class Test_ec2_ebs_snapshots_encrypted: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py b/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py index 7b13c2755c..812d7209ee 100644 --- a/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py +++ b/tests/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption_test.py @@ -30,6 +30,7 @@ class Test_ec2_ebs_volume_encryption: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py b/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py index 7d6a68fc05..7f44cd5822 100644 --- a/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py +++ b/tests/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan_test.py @@ -32,6 +32,7 @@ class Test_ec2_elastic_ip_shodan: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py b/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py index 6ec6068190..0ba6095f3c 100644 --- a/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py +++ b/tests/providers/aws/services/ec2/ec2_elastic_ip_unassgined/ec2_elastic_ip_unassgined_test.py @@ -32,6 +32,7 @@ class Test_ec2_elastic_ip_unassgined: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py b/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py index 91fa3cc9fc..ad791fb789 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled_test.py @@ -32,6 +32,7 @@ class Test_ec2_instance_imdsv2_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py b/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py index e91a268ff1..b21aedd560 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile_test.py @@ -32,6 +32,7 @@ class Test_ec2_instance_internet_facing_with_instance_profile: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py b/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py index 2d934ebb12..154bcd1e59 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days_test.py @@ -34,6 +34,7 @@ class Test_ec2_instance_older_than_specific_days: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py b/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py index 62323ef6f5..c2fb81fa24 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached_test.py @@ -32,6 +32,7 @@ class Test_ec2_instance_profile_attached: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py b/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py index c4959f80ec..54498a5b1f 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py @@ -32,6 +32,7 @@ class Test_ec2_instance_public_ip: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py index 2ea7b5a0e7..a1290f131c 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py @@ -31,6 +31,7 @@ class Test_ec2_instance_secrets_user_data: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py index 9627f7c2b0..115a2874d1 100644 --- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py +++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py @@ -30,6 +30,7 @@ class ec2_networkacl_allow_ingress_any_port: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py index 6ba3e2b235..3cb2240d19 100644 --- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py +++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py @@ -30,6 +30,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_22: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py index 86018ac177..e97b429e58 100644 --- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py +++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py @@ -30,6 +30,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_3389: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py index b21fb1ace0..2a2b660cac 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_any_port: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py index ec4bf65b6d..8651457dde 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_2 audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py index 6e28f9ad62..e995c633ba 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py index 0db687d103..cd0c1e86ad 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py index f2ae348434..c9dafa849f 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py index e58e6fcd52..3453805ca8 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7 audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py index d848d25483..fa3ec82f89 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsear audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py index c5b9784196..9dfbaaf248 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py index 054d859668..70d0243fde 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_1 audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py index 506a8df295..687446e600 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py index df0220d9f9..36adfc08c1 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521 audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py index ae70209dc3..55760f6365 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_54 audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py index ac2fcab7e0..0b60b85386 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py index a52cfe773b..6f0c231b95 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py @@ -31,6 +31,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_ audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py index ed02120f18..47f3beebb9 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py index ee22238a12..cbc1ee7d12 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_allow_wide_open_public_ipv4: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py index c9244c4cee..105d062aac 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic_test.py @@ -30,6 +30,7 @@ class Test_ec2_securitygroup_default_restrict_traffic: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py index ffb119be63..6331fcfb82 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard_test.py @@ -32,6 +32,7 @@ class Test_ec2_securitygroup_from_launch_wizard: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py index 18ed73e70e..d5b430fb41 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used_test.py @@ -32,6 +32,7 @@ class Test_ec2_securitygroup_not_used: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py index 2f89973a8c..29178d790c 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules_test.py @@ -31,6 +31,7 @@ class Test_ec2_securitygroup_with_many_ingress_egress_rules: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ec2/ec2_service_test.py b/tests/providers/aws/services/ec2/ec2_service_test.py index 7d3616431b..8041ffe74b 100644 --- a/tests/providers/aws/services/ec2/ec2_service_test.py +++ b/tests/providers/aws/services/ec2/ec2_service_test.py @@ -39,6 +39,7 @@ class Test_EC2_Service: audited_regions=["eu-west-1", "us-east-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ecr/ecr_service_test.py b/tests/providers/aws/services/ecr/ecr_service_test.py index 3edac35246..b27b87509c 100644 --- a/tests/providers/aws/services/ecr/ecr_service_test.py +++ b/tests/providers/aws/services/ecr/ecr_service_test.py @@ -115,6 +115,7 @@ class Test_ECR_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ecs/ecs_service_test.py b/tests/providers/aws/services/ecs/ecs_service_test.py index 9ce3e877ee..2feb2358fe 100644 --- a/tests/providers/aws/services/ecs/ecs_service_test.py +++ b/tests/providers/aws/services/ecs/ecs_service_test.py @@ -42,6 +42,7 @@ class Test_ECS_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/efs/efs_service_test.py b/tests/providers/aws/services/efs/efs_service_test.py index f95d2fde25..06e13c89a4 100644 --- a/tests/providers/aws/services/efs/efs_service_test.py +++ b/tests/providers/aws/services/efs/efs_service_test.py @@ -74,6 +74,7 @@ class Test_EFS: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/eks/eks_service_test.py b/tests/providers/aws/services/eks/eks_service_test.py index 55127e6bea..23222053e5 100644 --- a/tests/providers/aws/services/eks/eks_service_test.py +++ b/tests/providers/aws/services/eks/eks_service_test.py @@ -47,6 +47,7 @@ class Test_EKS_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py b/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py index 7c2e91dc70..df61e8b40a 100644 --- a/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py +++ b/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py @@ -31,6 +31,7 @@ class Test_elb_insecure_ssl_ciphers: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py b/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py index ccec367f2c..fc3ad525bb 100644 --- a/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py +++ b/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py @@ -31,6 +31,7 @@ class Test_elb_request_smugling: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py b/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py index c163dd2788..4f5033c631 100644 --- a/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py +++ b/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py @@ -31,6 +31,7 @@ class Test_elb_logging_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elb/elb_service_test.py b/tests/providers/aws/services/elb/elb_service_test.py index 4792dd59f1..b94cb766e6 100644 --- a/tests/providers/aws/services/elb/elb_service_test.py +++ b/tests/providers/aws/services/elb/elb_service_test.py @@ -30,6 +30,7 @@ class Test_ELB_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py b/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py index 5531d1618f..0a39512947 100644 --- a/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py +++ b/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py @@ -31,6 +31,7 @@ class Test_elb_ssl_listeners: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py b/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py index 86ff9059b9..1ec2d7528e 100644 --- a/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py @@ -31,6 +31,7 @@ class Test_elbv2_deletion_protection: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py b/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py index 248fea358d..532cc4dac2 100644 --- a/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode_test.py @@ -31,6 +31,7 @@ class Test_elbv2_desync_mitigation_mode: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py b/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py index 5f8261679e..e70e4babf4 100644 --- a/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py @@ -31,6 +31,7 @@ class Test_elbv2_insecure_ssl_ciphers: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py b/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py index e0a3e5a896..10edf37b13 100644 --- a/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing_test.py @@ -31,6 +31,7 @@ class Test_elbv2_internet_facing: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py b/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py index a07110e2f2..08531ab3fb 100644 --- a/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath_test.py @@ -31,6 +31,7 @@ class Test_elbv2_listeners_underneath: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py b/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py index 397edc839e..3b52b21923 100644 --- a/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py @@ -31,6 +31,7 @@ class Test_elbv2_logging_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_service_test.py b/tests/providers/aws/services/elbv2/elbv2_service_test.py index c14ac45507..17abd40313 100644 --- a/tests/providers/aws/services/elbv2/elbv2_service_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_service_test.py @@ -30,6 +30,7 @@ class Test_ELBv2_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py b/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py index b17a7789d0..37180436d1 100644 --- a/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners_test.py @@ -31,6 +31,7 @@ class Test_elbv2_ssl_listeners: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py b/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py index 0786236f0f..2f69895e58 100644 --- a/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached_test.py @@ -53,6 +53,7 @@ class Test_elbv2_waf_acl_attached: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py b/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py index 129ca6010d..60fcadf3c9 100644 --- a/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py +++ b/tests/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible_test.py @@ -33,6 +33,7 @@ class Test_emr_cluster_publicly_accesible: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/emr/emr_service_test.py b/tests/providers/aws/services/emr/emr_service_test.py index 92c354fadf..1e88ed5bf1 100644 --- a/tests/providers/aws/services/emr/emr_service_test.py +++ b/tests/providers/aws/services/emr/emr_service_test.py @@ -69,6 +69,7 @@ class Test_EMR_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/fms/fms_service_test.py b/tests/providers/aws/services/fms/fms_service_test.py index 6cdf26b26c..9f32e3eff0 100644 --- a/tests/providers/aws/services/fms/fms_service_test.py +++ b/tests/providers/aws/services/fms/fms_service_test.py @@ -85,6 +85,7 @@ class Test_FMS_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/glacier/glacier_service_test.py b/tests/providers/aws/services/glacier/glacier_service_test.py index 460ce0b2b5..00b11870dc 100644 --- a/tests/providers/aws/services/glacier/glacier_service_test.py +++ b/tests/providers/aws/services/glacier/glacier_service_test.py @@ -96,6 +96,7 @@ class Test_Glacier_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py b/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py index 60bdc25d3a..c1d9f4dfff 100644 --- a/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py +++ b/tests/providers/aws/services/globalaccelerator/globalaccelerator_service_test.py @@ -70,6 +70,7 @@ class Test_GlobalAccelerator_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/glue/glue_service_test.py b/tests/providers/aws/services/glue/glue_service_test.py index 42f78ce42d..c23f56d1b8 100644 --- a/tests/providers/aws/services/glue/glue_service_test.py +++ b/tests/providers/aws/services/glue/glue_service_test.py @@ -138,6 +138,7 @@ class Test_Glue_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/guardduty/guardduty_service_test.py b/tests/providers/aws/services/guardduty/guardduty_service_test.py index e1bf6bd9e9..572f2d8b56 100644 --- a/tests/providers/aws/services/guardduty/guardduty_service_test.py +++ b/tests/providers/aws/services/guardduty/guardduty_service_test.py @@ -80,6 +80,7 @@ class Test_GuardDuty_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py b/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py index 3ed572dc24..818a3cf45f 100644 --- a/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py +++ b/tests/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa_test.py @@ -34,6 +34,7 @@ class Test_iam_administrator_access_with_mfa_test: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py b/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py index f5539eac4f..1c2e67d005 100644 --- a/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py +++ b/tests/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage_test.py @@ -35,6 +35,7 @@ class Test_iam_avoid_root_usage: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py index ca34c3231e..890bd00741 100644 --- a/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py +++ b/tests/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges_test.py @@ -30,6 +30,7 @@ class Test_iam_aws_attached_policy_no_administrative_privileges_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py b/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py index b86cf7cc92..d6693a35a0 100644 --- a/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py +++ b/tests/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts_test.py @@ -32,6 +32,7 @@ class Test_iam_check_saml_providers_sts: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py index b90678af0c..4afa1f1c50 100644 --- a/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py +++ b/tests/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges_test.py @@ -31,6 +31,7 @@ class Test_iam_customer_attached_policy_no_administrative_privileges_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py b/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py index b332473613..22aa40cbe1 100644 --- a/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py +++ b/tests/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges_test.py @@ -31,6 +31,7 @@ class Test_iam_customer_unattached_policy_no_administrative_privileges_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py b/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py index e1c0974bee..916b95941a 100644 --- a/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py +++ b/tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py @@ -34,6 +34,7 @@ class Test_iam_disable_30_days_credentials_test: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py b/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py index 3ac41b4d60..0b6a3747c9 100644 --- a/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py +++ b/tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py @@ -34,6 +34,7 @@ class Test_iam_disable_45_days_credentials_test: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py b/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py index df5f991f8c..0be08a4d14 100644 --- a/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py +++ b/tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py @@ -34,6 +34,7 @@ class Test_iam_disable_90_days_credentials_test: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py b/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py index 77656567fc..c26e34f195 100644 --- a/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py +++ b/tests/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption_test.py @@ -34,6 +34,7 @@ class Test_iam_no_custom_policy_permissive_role_assumption: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py b/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py index 5b54791597..0f9b99c410 100644 --- a/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py +++ b/tests/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored_test.py @@ -33,6 +33,7 @@ class Test_iam_no_expired_server_certificates_stored_test: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py b/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py index dc9666017b..959b125207 100644 --- a/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py +++ b/tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py @@ -33,6 +33,7 @@ class Test_iam_no_root_access_key_test: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py b/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py index ce719683cd..83a7df39ad 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_test.py @@ -33,6 +33,7 @@ class Test_iam_password_policy_expires_passwords_within_90_days_or_less: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py b/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py index d3b1a62a86..b8abb4dc9c 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py @@ -30,6 +30,7 @@ class Test_iam_password_policy_lowercase: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py b/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py index 8b55dde656..ed2d736f01 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py @@ -30,6 +30,7 @@ class Test_iam_password_policy_minimum_length_14: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py b/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py index c11057ad3a..f9a5633161 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py @@ -30,6 +30,7 @@ class Test_iam_password_policy_number: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py b/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py index 9741aa4a9a..3b080deadc 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_test.py @@ -29,6 +29,7 @@ class Test_iam_password_policy_reuse_24: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py b/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py index b95f3d5c7f..d19a060959 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py @@ -30,6 +30,7 @@ class Test_iam_password_policy_symbol: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py b/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py index 764c6532e5..ca49611824 100644 --- a/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py +++ b/tests/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_test.py @@ -29,6 +29,7 @@ class Test_iam_password_policy_uppercase: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py b/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py index 0a28fccaca..7519cf0836 100644 --- a/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py +++ b/tests/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation_test.py @@ -31,6 +31,7 @@ class Test_iam_policy_allows_privilege_escalation: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py b/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py index be1021b7dc..6c4882a9e7 100644 --- a/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py +++ b/tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py @@ -31,6 +31,7 @@ class Test_iam_policy_attached_only_to_group_or_roles: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py index 3e4757b8c8..894e3a2d45 100644 --- a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py +++ b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail_test.py @@ -30,6 +30,7 @@ class Test_iam_policy_no_full_access_to_cloudtrail: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py index bd62865b7b..eef57bceb5 100644 --- a/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py +++ b/tests/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms_test.py @@ -30,6 +30,7 @@ class Test_iam_policy_no_full_access_to_kms: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py b/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py index 122feb5f08..72722c24c8 100644 --- a/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py +++ b/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py @@ -32,6 +32,7 @@ class Test_iam_role_cross_account_readonlyaccess_policy: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py b/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py index 9d06185233..a77be12061 100644 --- a/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py +++ b/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py @@ -32,6 +32,7 @@ class Test_iam_role_cross_service_confused_deputy_prevention: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py index 96352c4aa0..f05a38f239 100644 --- a/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py +++ b/tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py @@ -30,6 +30,7 @@ class Test_iam_root_hardware_mfa_enabled_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py index 2582efa214..38ba648a99 100644 --- a/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py +++ b/tests/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled_test.py @@ -30,6 +30,7 @@ class Test_iam_root_mfa_enabled_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py b/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py index d0551924b9..1c5c7386b5 100644 --- a/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py +++ b/tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py @@ -30,6 +30,7 @@ class Test_iam_rotate_access_key_90_days_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py b/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py index 8049cb703e..eeb34c0909 100644 --- a/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py +++ b/tests/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created_test.py @@ -33,6 +33,7 @@ class Test_iam_securityaudit_role_created: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_service_test.py b/tests/providers/aws/services/iam/iam_service_test.py index e83a089244..29c98205b2 100644 --- a/tests/providers/aws/services/iam/iam_service_test.py +++ b/tests/providers/aws/services/iam/iam_service_test.py @@ -33,6 +33,7 @@ class Test_IAM_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py b/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py index fe025f5bb9..d1f0e036d9 100644 --- a/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py +++ b/tests/providers/aws/services/iam/iam_support_role_created/iam_support_role_created_test.py @@ -31,6 +31,7 @@ class Test_iam_support_role_created: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py b/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py index bf3b689479..fa5cad224b 100644 --- a/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py +++ b/tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py @@ -30,6 +30,7 @@ class Test_iam_user_hardware_mfa_enabled_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py b/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py index 4666b2039f..326edec8f5 100644 --- a/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py +++ b/tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py @@ -29,6 +29,7 @@ class Test_iam_user_mfa_enabled_console_access_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py b/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py index 0fae473517..ad7bfe2c40 100644 --- a/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py +++ b/tests/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key_test.py @@ -31,6 +31,7 @@ class Test_iam_user_no_setup_initial_access_key_test: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py b/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py index 909e69067c..9cfece9b25 100644 --- a/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py +++ b/tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py @@ -30,6 +30,7 @@ class Test_iam_user_two_active_access_key: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/inspector2/inspector2_service_test.py b/tests/providers/aws/services/inspector2/inspector2_service_test.py index ae95e1b189..cb110179dc 100644 --- a/tests/providers/aws/services/inspector2/inspector2_service_test.py +++ b/tests/providers/aws/services/inspector2/inspector2_service_test.py @@ -102,6 +102,7 @@ class Test_Inspector2_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py b/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py index 78f5eec170..7df3d055d5 100644 --- a/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py +++ b/tests/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used_test.py @@ -30,6 +30,7 @@ class Test_kms_cmk_are_used: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py b/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py index 987ab5c96d..b1cc22b1af 100644 --- a/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py +++ b/tests/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_test.py @@ -30,6 +30,7 @@ class Test_kms_cmk_rotation_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py b/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py index de4e98d3f9..dd99ab8fc0 100644 --- a/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py +++ b/tests/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible_test.py @@ -31,6 +31,7 @@ class Test_kms_key_not_publicly_accessible: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/kms/kms_service_test.py b/tests/providers/aws/services/kms/kms_service_test.py index c35c7891cc..a7ea3c96ad 100644 --- a/tests/providers/aws/services/kms/kms_service_test.py +++ b/tests/providers/aws/services/kms/kms_service_test.py @@ -32,6 +32,7 @@ class Test_ACM_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/macie/macie_service_test.py b/tests/providers/aws/services/macie/macie_service_test.py index 6ac03ca845..1e1b72068b 100644 --- a/tests/providers/aws/services/macie/macie_service_test.py +++ b/tests/providers/aws/services/macie/macie_service_test.py @@ -67,6 +67,7 @@ class Test_Macie_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py b/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py index 4d040fb7c3..ddf91f7c88 100644 --- a/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py +++ b/tests/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc_test.py @@ -40,6 +40,7 @@ class Test_networkfirewall_in_all_vpc: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py b/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py index 53c3170c30..fcc0ab3c7c 100644 --- a/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py +++ b/tests/providers/aws/services/networkfirewall/networkfirewall_service_test.py @@ -85,6 +85,7 @@ class Test_NetworkFirewall_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/opensearch/opensearch_service_test.py b/tests/providers/aws/services/opensearch/opensearch_service_test.py index a4417c4d38..9c935ae64c 100644 --- a/tests/providers/aws/services/opensearch/opensearch_service_test.py +++ b/tests/providers/aws/services/opensearch/opensearch_service_test.py @@ -124,6 +124,7 @@ class Test_OpenSearchService_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py b/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py index 537cb9b8a4..ca8cdf8ec6 100644 --- a/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py +++ b/tests/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations_test.py @@ -34,6 +34,7 @@ class Test_organizations_account_part_of_organizations: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py b/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py index 995ed3838b..0e4de2e41c 100644 --- a/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py +++ b/tests/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators_test.py @@ -34,6 +34,7 @@ class Test_organizations_delegated_administrators: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py b/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py index 8df1279199..ebb701119f 100644 --- a/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py +++ b/tests/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions_test.py @@ -38,6 +38,7 @@ class Test_organizations_scp_check_deny_regions: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/organizations/organizations_service_test.py b/tests/providers/aws/services/organizations/organizations_service_test.py index 47a9258538..77fbf1ccae 100644 --- a/tests/providers/aws/services/organizations/organizations_service_test.py +++ b/tests/providers/aws/services/organizations/organizations_service_test.py @@ -39,6 +39,7 @@ class Test_Organizations_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py b/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py index e90767b2e2..653727d758 100644 --- a/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py +++ b/tests/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached_test.py @@ -37,6 +37,7 @@ class Test_organizations_tags_policies_enabled_and_attached: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py index 801592f358..c228aa16d5 100644 --- a/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py +++ b/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py @@ -53,6 +53,7 @@ class Test_rds_instance_backup_enabled: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py b/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py index de8573957c..515705f84e 100644 --- a/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py +++ b/tests/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection_test.py @@ -53,6 +53,7 @@ class Test_rds_instance_deletion_protection: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py b/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py index 567c520630..2dbe640a90 100644 --- a/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py +++ b/tests/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_deprecated_engine_version: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py index 7e42fa08de..b12177fd1a 100644 --- a/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py +++ b/tests/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_enhanced_monitoring_enabled: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py b/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py index 56da05ab90..3775eddd93 100644 --- a/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py +++ b/tests/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_integration_cloudwatch_logs: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py index 9b183b29d0..a1cab091d7 100644 --- a/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py +++ b/tests/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_minor_version_upgrade_enabled: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py b/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py index 87046ef00a..262c84ab56 100644 --- a/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py +++ b/tests/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az_test.py @@ -53,6 +53,7 @@ class Test_rds_instance_multi_az: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py b/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py index 1da59ea39d..88880c246e 100644 --- a/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py +++ b/tests/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_no_public_access: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py b/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py index b2b51a61ba..54f18ec778 100644 --- a/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py +++ b/tests/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_storage_encrypted: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py b/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py index a7d223a836..a639f8ccd1 100644 --- a/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py +++ b/tests/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted_test.py @@ -52,6 +52,7 @@ class Test_rds_instance_transport_encrypted: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_service_test.py b/tests/providers/aws/services/rds/rds_service_test.py index 7a8531c7e8..468bb70f34 100644 --- a/tests/providers/aws/services/rds/rds_service_test.py +++ b/tests/providers/aws/services/rds/rds_service_test.py @@ -51,6 +51,7 @@ class Test_RDS_Service: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py b/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py index 7fde31c4af..289688361c 100644 --- a/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py +++ b/tests/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access_test.py @@ -60,6 +60,7 @@ class Test_rds_snapshots_public_access: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/redshift/redshift_service_test.py b/tests/providers/aws/services/redshift/redshift_service_test.py index e27eeb87dd..8ec9c9b389 100644 --- a/tests/providers/aws/services/redshift/redshift_service_test.py +++ b/tests/providers/aws/services/redshift/redshift_service_test.py @@ -78,6 +78,7 @@ class Test_Redshift_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py index 8d86f6209c..639c061b3d 100644 --- a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py +++ b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found_test.py @@ -34,6 +34,7 @@ class Test_resourceexplorer2_indexes_found: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py index 5c9c897d35..a77e93bf4b 100644 --- a/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py +++ b/tests/providers/aws/services/resourceexplorer2/resourceexplorer2_service_test.py @@ -63,6 +63,7 @@ class Test_ResourceExplorer2_Service: audited_regions="us-east-1", organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py b/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py index fe0c979d95..fc6c97c3f0 100644 --- a/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py +++ b/tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py @@ -33,6 +33,7 @@ class Test_route53_dangling_ip_subdomain_takeover: audited_regions=[AWS_REGION], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/route53/route53_service_test.py b/tests/providers/aws/services/route53/route53_service_test.py index 1208255ce4..e316e1541f 100644 --- a/tests/providers/aws/services/route53/route53_service_test.py +++ b/tests/providers/aws/services/route53/route53_service_test.py @@ -55,6 +55,7 @@ class Test_Route53_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/route53/route53domains_service_test.py b/tests/providers/aws/services/route53/route53domains_service_test.py index 3d3e8b0e67..bef6c82312 100644 --- a/tests/providers/aws/services/route53/route53domains_service_test.py +++ b/tests/providers/aws/services/route53/route53domains_service_test.py @@ -91,6 +91,7 @@ class Test_Route53_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py b/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py index d63d587d5a..148b4f56f4 100644 --- a/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py +++ b/tests/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_test.py @@ -32,6 +32,7 @@ class Test_s3_account_level_public_access_blocks: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py b/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py index e70633a650..f2f0ccade7 100644 --- a/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_acl_prohibited: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py b/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py index ec14d0e238..b7b2e38da2 100644 --- a/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_default_encryption: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py b/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py index 557cab6403..d6de96dea4 100644 --- a/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_level_public_access_block: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py b/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py index 12c9807b7c..ff2e7af2bb 100644 --- a/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_no_mfa_delete: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py b/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py index c9bade1c8d..e380e6ba2d 100644 --- a/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_object_lock: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py b/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py index 41961c94bf..d4137fce98 100644 --- a/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_object_versioning: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py b/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py index 3d442bab08..950893bd64 100644 --- a/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_policy_public_write_access: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py b/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py index 4307dfc1f4..b9715584aa 100644 --- a/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_public_access: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py b/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py index 96e83d4b0b..a2d79a393b 100644 --- a/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_secure_transport_policy: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py b/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py index 0d0be26755..31a5ffc818 100644 --- a/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py +++ b/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py @@ -33,6 +33,7 @@ class Test_s3_bucket_server_access_logging_enabled: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/s3/s3_service_test.py b/tests/providers/aws/services/s3/s3_service_test.py index 6c03c8f729..abcd561f76 100644 --- a/tests/providers/aws/services/s3/s3_service_test.py +++ b/tests/providers/aws/services/s3/s3_service_test.py @@ -33,6 +33,7 @@ class Test_S3_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/sagemaker/sagemaker_service_test.py b/tests/providers/aws/services/sagemaker/sagemaker_service_test.py index 916b5e6841..8fee084a02 100644 --- a/tests/providers/aws/services/sagemaker/sagemaker_service_test.py +++ b/tests/providers/aws/services/sagemaker/sagemaker_service_test.py @@ -125,6 +125,7 @@ class Test_SageMaker_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py b/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py index 6ab7761c66..b64153fe47 100644 --- a/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py +++ b/tests/providers/aws/services/secretsmanager/secretsmanager_service_test.py @@ -48,6 +48,7 @@ class Test_SecretsManager_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/securityhub/securityhub_service_test.py b/tests/providers/aws/services/securityhub/securityhub_service_test.py index 1736c172f6..47cd6743cc 100644 --- a/tests/providers/aws/services/securityhub/securityhub_service_test.py +++ b/tests/providers/aws/services/securityhub/securityhub_service_test.py @@ -78,6 +78,7 @@ class Test_SecurityHub_Service: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py b/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py index 1f935d6c6a..6fcefe2540 100644 --- a/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py +++ b/tests/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips_test.py @@ -45,6 +45,7 @@ class Test_shield_advanced_protection_in_associated_elastic_ips: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py b/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py index 28c69c7285..23ce3a20bd 100644 --- a/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py +++ b/tests/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers_test.py @@ -32,6 +32,7 @@ class Test_shield_advanced_protection_in_classic_load_balancers: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py b/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py index 379d8688c4..d7150b19ba 100644 --- a/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py +++ b/tests/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers_test.py @@ -45,6 +45,7 @@ class Test_shield_advanced_protection_in_internet_facing_load_balancers: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/shield/shield_service_test.py b/tests/providers/aws/services/shield/shield_service_test.py index 74edd6b242..0e5cc031bc 100644 --- a/tests/providers/aws/services/shield/shield_service_test.py +++ b/tests/providers/aws/services/shield/shield_service_test.py @@ -55,6 +55,7 @@ class Test_Shield_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/sns/sns_service_test.py b/tests/providers/aws/services/sns/sns_service_test.py index f5dca6fda8..cfb15392b3 100644 --- a/tests/providers/aws/services/sns/sns_service_test.py +++ b/tests/providers/aws/services/sns/sns_service_test.py @@ -69,6 +69,7 @@ class Test_SNS_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/sqs/sqs_service_test.py b/tests/providers/aws/services/sqs/sqs_service_test.py index 229cca1ef4..d97f52c180 100644 --- a/tests/providers/aws/services/sqs/sqs_service_test.py +++ b/tests/providers/aws/services/sqs/sqs_service_test.py @@ -71,6 +71,7 @@ class Test_SQS_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ssm/ssm_service_test.py b/tests/providers/aws/services/ssm/ssm_service_test.py index 3f7dda49a6..301e8b2ed3 100644 --- a/tests/providers/aws/services/ssm/ssm_service_test.py +++ b/tests/providers/aws/services/ssm/ssm_service_test.py @@ -152,6 +152,7 @@ class Test_SSM_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py b/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py index b5d18dd9c2..78e06c53ed 100644 --- a/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py +++ b/tests/providers/aws/services/ssmincidents/ssmincidents_service_test.py @@ -88,6 +88,7 @@ class Test_SSMIncidents_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py b/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py index 704beaa42a..42d12d3188 100644 --- a/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py +++ b/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py @@ -44,6 +44,7 @@ class Test_TrustedAdvisor_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py b/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py index d8dbb10489..4a03068ba6 100644 --- a/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py +++ b/tests/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions_test.py @@ -30,6 +30,7 @@ class Test_vpc_different_regions: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py b/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py index 8d4b216f73..28a404f934 100644 --- a/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py +++ b/tests/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries_test.py @@ -37,6 +37,7 @@ class Test_vpc_endpoint_connections_trust_boundaries: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py b/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py index f7bd0fa9ae..2be6724baa 100644 --- a/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py +++ b/tests/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries_test.py @@ -56,6 +56,7 @@ class Test_vpc_endpoint_services_allowed_principals_trust_boundaries: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py b/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py index d210e24ecf..2ca4cb6602 100644 --- a/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py +++ b/tests/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled_test.py @@ -30,6 +30,7 @@ class Test_vpc_flow_logs_enabled: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py b/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py index 6ffa402cf7..e41517bd8f 100644 --- a/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py +++ b/tests/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege_test.py @@ -30,6 +30,7 @@ class Test_vpc_peering_routing_tables_with_least_privilege: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_service_test.py b/tests/providers/aws/services/vpc/vpc_service_test.py index 7688cab4a5..002e093834 100644 --- a/tests/providers/aws/services/vpc/vpc_service_test.py +++ b/tests/providers/aws/services/vpc/vpc_service_test.py @@ -32,6 +32,7 @@ class Test_VPC_Service: audited_regions=["eu-west-1", "us-east-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py b/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py index f936a34b81..e329e021c2 100644 --- a/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py +++ b/tests/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az_test.py @@ -30,6 +30,7 @@ class Test_vpc_subnet_different_az: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py b/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py index ff4acfa7ed..bcb2a6b285 100644 --- a/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py +++ b/tests/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default_test.py @@ -30,6 +30,7 @@ class Test_vpc_subnet_separate_private_public: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py b/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py index f14272a333..8d23c51db1 100644 --- a/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py +++ b/tests/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public_test.py @@ -30,6 +30,7 @@ class Test_vpc_subnet_separate_private_public: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/waf/waf_service_test.py b/tests/providers/aws/services/waf/waf_service_test.py index e903f0015b..aa597a4f5a 100644 --- a/tests/providers/aws/services/waf/waf_service_test.py +++ b/tests/providers/aws/services/waf/waf_service_test.py @@ -66,6 +66,7 @@ class Test_WAF_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/wafv2/wafv2_service_test.py b/tests/providers/aws/services/wafv2/wafv2_service_test.py index 8d5571514b..b679fa612f 100644 --- a/tests/providers/aws/services/wafv2/wafv2_service_test.py +++ b/tests/providers/aws/services/wafv2/wafv2_service_test.py @@ -30,6 +30,7 @@ class Test_WAFv2_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py b/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py index 285799b5f8..6b0a784ca6 100644 --- a/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py +++ b/tests/providers/aws/services/wellarchitected/wellarchitected_service_test.py @@ -74,6 +74,7 @@ class Test_WellArchitected_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/workspaces/workspaces_service_test.py b/tests/providers/aws/services/workspaces/workspaces_service_test.py index b10589d6c1..6bf24703c6 100644 --- a/tests/providers/aws/services/workspaces/workspaces_service_test.py +++ b/tests/providers/aws/services/workspaces/workspaces_service_test.py @@ -70,6 +70,7 @@ class Test_WorkSpaces_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py b/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py index 04728d8997..71fe61084f 100644 --- a/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py +++ b/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py @@ -34,6 +34,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: audited_regions=["us-east-1", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/common/audit_info_test.py b/tests/providers/common/audit_info_test.py index 6f8180dfca..f80be02865 100644 --- a/tests/providers/common/audit_info_test.py +++ b/tests/providers/common/audit_info_test.py @@ -5,7 +5,7 @@ from boto3 import session from mock import patch from moto import mock_ec2, mock_resourcegroupstaggingapi -from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info +from prowler.providers.aws.lib.audit_info.models import AWS_Assume_Role, AWS_Audit_Info from prowler.providers.azure.azure_provider import Azure_Provider from prowler.providers.azure.lib.audit_info.models import ( Azure_Audit_Info, @@ -105,10 +105,16 @@ class Test_Set_Audit_Info: profile=None, profile_region="eu-west-1", credentials=None, - assumed_role_info=None, + assumed_role_info=AWS_Assume_Role( + role_arn=None, + session_duration=None, + external_id=None, + mfa_enabled=None, + ), audited_regions=["eu-west-2", "eu-west-1"], organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info diff --git a/tests/providers/common/common_outputs_test.py b/tests/providers/common/common_outputs_test.py index e9711129d2..48bbb1dceb 100644 --- a/tests/providers/common/common_outputs_test.py +++ b/tests/providers/common/common_outputs_test.py @@ -73,6 +73,7 @@ class Test_Common_Output_Options: audited_regions=None, organizations_metadata=None, audit_resources=None, + mfa_enabled=False, ) return audit_info