Compare commits
7 Commits
feat/PROWL
...
PRWLR-6469
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
6ee254f187 | ||
|
|
9914bc2017 | ||
|
|
e0e9f3e7c8 | ||
|
|
37b8c78b41 | ||
|
|
851286d23e | ||
|
|
ded3a0fcae | ||
|
|
affd36bc48 |
@@ -7,9 +7,9 @@
|
||||
],
|
||||
"ServiceName": "cloudwatch",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:certificate/resource-id",
|
||||
"ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:account",
|
||||
"Severity": "medium",
|
||||
"ResourceType": "AwsCloudWatchAlarm",
|
||||
"ResourceType": "AwsAccount",
|
||||
"Description": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).",
|
||||
"Risk": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.",
|
||||
"RelatedUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html",
|
||||
|
||||
@@ -31,7 +31,9 @@ class cloudwatch_changes_to_network_acls_alarm_configured(Check):
|
||||
report.status_extended = "No CloudWatch log groups found with metric filters or alarms associated."
|
||||
report.region = logs_client.region
|
||||
report.resource_id = logs_client.audited_account
|
||||
report.resource_arn = logs_client.log_group_arn_template
|
||||
report.resource_arn = logs_client._get_account_arn_template(
|
||||
logs_client.region
|
||||
)
|
||||
report.resource_tags = []
|
||||
|
||||
findings.append(report)
|
||||
|
||||
@@ -7,9 +7,9 @@
|
||||
],
|
||||
"ServiceName": "cloudwatch",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:certificate/resource-id",
|
||||
"ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:account",
|
||||
"Severity": "medium",
|
||||
"ResourceType": "AwsCloudWatchAlarm",
|
||||
"ResourceType": "AwsAccount",
|
||||
"Description": "Ensure a log metric filter and alarm exist for changes to network gateways.",
|
||||
"Risk": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.",
|
||||
"RelatedUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html",
|
||||
|
||||
@@ -31,7 +31,9 @@ class cloudwatch_changes_to_network_gateways_alarm_configured(Check):
|
||||
report.status_extended = "No CloudWatch log groups found with metric filters or alarms associated."
|
||||
report.region = logs_client.region
|
||||
report.resource_id = logs_client.audited_account
|
||||
report.resource_arn = logs_client.log_group_arn_template
|
||||
report.resource_arn = logs_client._get_account_arn_template(
|
||||
logs_client.region
|
||||
)
|
||||
report.resource_tags = []
|
||||
|
||||
findings.append(report)
|
||||
|
||||
@@ -7,9 +7,9 @@
|
||||
],
|
||||
"ServiceName": "cloudwatch",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:certificate/resource-id",
|
||||
"ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:account",
|
||||
"Severity": "medium",
|
||||
"ResourceType": "AwsCloudWatchAlarm",
|
||||
"ResourceType": "AwsAccount",
|
||||
"Description": "Real-time monitoring of API calls can be achieved by directing Cloud Trail Logs to CloudWatch Logs, or an external Security information and event management (SIEM)environment, and establishing corresponding metric filters and alarms. Routing tablesare used to route network traffic between subnets and to network gateways. It isrecommended that a metric filter and alarm be established for changes to route tables.",
|
||||
"Risk": "CloudWatch is an AWS native service that allows you to ob serve and monitor resources and applications. CloudTrail Logs can also be sent to an external Security informationand event management (SIEM) environment for monitoring and alerting.Monitoring changes to route tables will help ensure that all VPC traffic flows through anexpected path and prevent any accidental or intentional modifications that may lead touncontrolled network traffic. An alarm should be triggered every time an AWS API call isperformed to create, replace, delete, or disassociate a Route Table.",
|
||||
"RelatedUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html",
|
||||
|
||||
@@ -31,7 +31,9 @@ class cloudwatch_changes_to_network_route_tables_alarm_configured(Check):
|
||||
report.status_extended = "No CloudWatch log groups found with metric filters or alarms associated."
|
||||
report.region = logs_client.region
|
||||
report.resource_id = logs_client.audited_account
|
||||
report.resource_arn = logs_client.log_group_arn_template
|
||||
report.resource_arn = logs_client._get_account_arn_template(
|
||||
logs_client.region
|
||||
)
|
||||
report.resource_tags = []
|
||||
|
||||
findings.append(report)
|
||||
|
||||
@@ -7,9 +7,9 @@
|
||||
],
|
||||
"ServiceName": "cloudwatch",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:certificate/resource-id",
|
||||
"ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:account",
|
||||
"Severity": "medium",
|
||||
"ResourceType": "AwsCloudWatchAlarm",
|
||||
"ResourceType": "AwsAccount",
|
||||
"Description": "Ensure a log metric filter and alarm exist for VPC changes.",
|
||||
"Risk": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.",
|
||||
"RelatedUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html",
|
||||
|
||||
@@ -31,7 +31,9 @@ class cloudwatch_changes_to_vpcs_alarm_configured(Check):
|
||||
report.status_extended = "No CloudWatch log groups found with metric filters or alarms associated."
|
||||
report.region = logs_client.region
|
||||
report.resource_id = logs_client.audited_account
|
||||
report.resource_arn = logs_client.log_group_arn_template
|
||||
report.resource_arn = logs_client._get_account_arn_template(
|
||||
logs_client.region
|
||||
)
|
||||
report.resource_tags = []
|
||||
|
||||
findings.append(report)
|
||||
|
||||
@@ -102,6 +102,9 @@ class Logs(AWSService):
|
||||
self._list_tags_for_resource, self.log_groups.values()
|
||||
)
|
||||
|
||||
def _get_account_arn_template(self, region):
|
||||
return f"arn:{self.audited_partition}:cloudwatch:{region}:{self.audited_account}:account"
|
||||
|
||||
def _describe_metric_filters(self, regional_client):
|
||||
logger.info("CloudWatch Logs - Describing metric filters...")
|
||||
try:
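Review bot: `_get_account_arn_template` has no docstring, and the string it builds ends in `:account` under the `cloudwatch` namespace although it lives on the `Logs` service, so a reader cannot tell that it identifies account-level findings rather than a real resource. I would add `"""Return the ARN reported for account-level findings in the given region."""` if that is the intent. The same helper is added again to `EC2` and `EMR` later in this diff with only the service name changed; one implementation on the shared base class would keep the three formats from drifting. `_describe_metric_filters` continues outside the hunk.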
|
||||
|
||||
@@ -27,6 +27,10 @@ def check_cloudwatch_log_metric_filter(
|
||||
)
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"CloudWatch log group {metric_filter.log_group.name} found with metric filter {metric_filter.name} but no alarms associated."
|
||||
report.check_metadata.ResourceIdTemplate = (
|
||||
"arn:partition:logs:region:account-id:log-group:log-group-name"
|
||||
)
|
||||
report.check_metadata.ResourceType = "AwsLogsLogGroup"
|
||||
# 3. Check if there is an alarm for the metric
|
||||
for alarm in metric_alarms:
|
||||
if alarm.metric == metric_filter.metric:
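Review bot: The assignments to `report.check_metadata.ResourceIdTemplate` and `report.check_metadata.ResourceType` change the metadata object after the report is built, and nothing in the hunk shows that each report owns its own copy. If `check_metadata` is shared between the reports of one check run (not visible here), the account-level finding would also come out labelled `AwsLogsLogGroup`, and anything that triages findings by resource type would attribute it to the wrong resource. The tests in this diff assert the two resource types only in separate test cases, so they would not catch that. A comment such as `# per-report override: this finding is about a log group, not the account`, plus one test that produces both kinds of finding, would settle it. `check_cloudwatch_log_metric_filter` starts and ends outside the hunk.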
|
||||
|
||||
@@ -7,9 +7,9 @@
|
||||
],
|
||||
"ServiceName": "ec2",
|
||||
"SubServiceName": "ebs",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
||||
"ResourceIdTemplate": "arn:partition:ec2:region:account-id",
|
||||
"Severity": "medium",
|
||||
"ResourceType": "Other",
|
||||
"ResourceType": "AwsAccount",
|
||||
"Description": "Check if EBS Default Encryption is activated.",
|
||||
"Risk": "If not enabled sensitive information at rest is not protected.",
|
||||
"RelatedUrl": "",
|
||||
|
||||
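Review bot: The new `ResourceIdTemplate` value `arn:partition:ec2:region:account-id` does not match the ARN the check now reports, which the EC2 helper in this diff builds with a trailing `:account`; the CloudWatch metadata files use `arn:partition:cloudwatch:region:account-id:account`. The EMR metadata has the same gap and names the service `emr` while its helper emits `elasticmapreduce`. The two RDS metadata files keep `arn:aws:` hard-coded where the EMR change moves to `arn:partition:`. I would write `"ResourceIdTemplate": "arn:partition:ec2:region:account-id:account"` here and align the others the same way, so the documented template and the emitted ARN agree.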
@@ -10,7 +10,7 @@ class ec2_ebs_default_encryption(Check):
|
||||
report = Check_Report_AWS(
|
||||
metadata=self.metadata(), resource=ebs_encryption
|
||||
)
|
||||
report.resource_arn = ec2_client._get_volume_arn_template(
|
||||
report.resource_arn = ec2_client._get_account_arn_template(
|
||||
ebs_encryption.region
|
||||
)
|
||||
report.resource_id = ec2_client.audited_account
|
||||
|
||||
@@ -59,6 +59,11 @@ class EC2(AWSService):
|
||||
f"arn:{self.audited_partition}:ec2:{region}:{self.audited_account}:volume"
|
||||
)
|
||||
|
||||
def _get_account_arn_template(self, region):
|
||||
return (
|
||||
f"arn:{self.audited_partition}:ec2:{region}:{self.audited_account}:account"
|
||||
)
|
||||
|
||||
def _describe_instances(self, regional_client):
|
||||
try:
|
||||
describe_instances_paginator = regional_client.get_paginator(
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
"CheckType": [],
|
||||
"ServiceName": "emr",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:aws:emr:region:account-id",
|
||||
"ResourceIdTemplate": "arn:partition:emr:region:account-id",
|
||||
"Severity": "high",
|
||||
"ResourceType": "AwsAccount",
|
||||
"Description": "EMR Account Public Access Block enabled.",
|
||||
|
||||
@@ -12,7 +12,7 @@ class emr_cluster_account_public_block_enabled(Check):
|
||||
)
|
||||
report.region = region
|
||||
report.resource_id = emr_client.audited_account
|
||||
report.resource_arn = emr_client._get_cluster_arn_template(region)
|
||||
report.resource_arn = emr_client._get_account_arn_template(region)
|
||||
if emr_client.block_public_access_configuration[
|
||||
region
|
||||
].block_public_security_group_rules:
|
||||
|
||||
@@ -22,6 +22,9 @@ class EMR(AWSService):
|
||||
def _get_cluster_arn_template(self, region):
|
||||
return f"arn:{self.audited_partition}:elasticmapreduce:{region}:{self.audited_account}:cluster"
|
||||
|
||||
def _get_account_arn_template(self, region):
|
||||
return f"arn:{self.audited_partition}:elasticmapreduce:{region}:{self.audited_account}:account"
|
||||
|
||||
def _list_clusters(self, regional_client):
|
||||
logger.info("EMR - Listing Clusters...")
|
||||
try:
|
||||
|
||||
@@ -10,8 +10,6 @@ class rds_cluster_critical_event_subscription(Check):
|
||||
report = Check_Report_AWS(metadata=self.metadata(), resource=db_event)
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "RDS cluster event categories of maintenance and failure are not subscribed."
|
||||
report.resource_id = rds_client.audited_account
|
||||
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
|
||||
if db_event.source_type == "db-cluster" and db_event.enabled:
|
||||
report = Check_Report_AWS(
|
||||
metadata=self.metadata(), resource=db_event
|
||||
@@ -33,6 +31,9 @@ class rds_cluster_critical_event_subscription(Check):
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "RDS cluster event category of maintenance is not subscribed."
|
||||
|
||||
report.resource_id = rds_client.audited_account
|
||||
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
|
||||
|
||||
findings.append(report)
|
||||
|
||||
return findings
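Review bot: The account-level `resource_id`/`resource_arn` override now sits after the status branches instead of on the default report, and nothing states which findings it is meant to cover. The page has lost indentation, so I cannot tell whether it runs for every report or only in the last FAIL branch; if it runs for every report, PASS findings would also stop pointing at the subscription. A one-line comment above it, for example `# FAIL findings are reported against the account, not the subscription`, would make the intent checkable. The same move is repeated in `rds_instance_critical_event_subscription`, `rds_instance_event_subscription_parameter_groups` and `rds_instance_event_subscription_security_groups`. The enclosing method starts outside the hunk.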
|
||||
|
||||
@@ -7,9 +7,9 @@
|
||||
],
|
||||
"ServiceName": "rds",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:aws:rds:region:account-id:db-instance",
|
||||
"ResourceIdTemplate": "arn:aws:rds:region:account-id:account",
|
||||
"Severity": "low",
|
||||
"ResourceType": "AwsRdsEventSubscription",
|
||||
"ResourceType": "AwsAccount",
|
||||
"Description": "Ensure that Amazon RDS event notification subscriptions are enabled for database database events, particularly maintenance, configuration change and failure.",
|
||||
"Risk": "Without event subscriptions for critical events, such as maintenance, configuration changes and failures, you may not be aware of issues affecting your RDS instances, leading to downtime or security vulnerabilities.",
|
||||
"RelatedUrl": "https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html",
|
||||
|
||||
@@ -10,8 +10,6 @@ class rds_instance_critical_event_subscription(Check):
|
||||
report = Check_Report_AWS(metadata=self.metadata(), resource=db_event)
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "RDS instance event categories of maintenance, configuration change, and failure are not subscribed."
|
||||
report.resource_id = rds_client.audited_account
|
||||
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
|
||||
report.region = db_event.region
|
||||
report.resource_tags = db_event.tags
|
||||
if db_event.source_type == "db-instance" and db_event.enabled:
|
||||
@@ -57,6 +55,10 @@ class rds_instance_critical_event_subscription(Check):
|
||||
else:
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "RDS instance event categories of maintenance, configuration change, and failure are not subscribed."
|
||||
|
||||
report.resource_id = rds_client.audited_account
|
||||
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
|
||||
|
||||
findings.append(report)
|
||||
|
||||
return findings
|
||||
|
||||
@@ -22,8 +22,6 @@ class rds_instance_event_subscription_parameter_groups(Check):
|
||||
report = Check_Report_AWS(metadata=self.metadata(), resource={})
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "RDS parameter group event categories of configuration change is not subscribed."
|
||||
report.resource_id = rds_client.audited_account
|
||||
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
|
||||
report.region = db_event.region
|
||||
if db_event.source_type == "db-parameter-group":
|
||||
report = Check_Report_AWS(
|
||||
@@ -43,5 +41,9 @@ class rds_instance_event_subscription_parameter_groups(Check):
|
||||
else:
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "RDS parameter group event category of configuration change is not subscribed."
|
||||
|
||||
report.resource_id = rds_client.audited_account
|
||||
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
|
||||
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
@@ -5,9 +5,9 @@
|
||||
"CheckType": [],
|
||||
"ServiceName": "rds",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:aws:rds:region:account-id:es",
|
||||
"ResourceIdTemplate": "arn:aws:rds:region:account-id:account",
|
||||
"Severity": "medium",
|
||||
"ResourceType": "AwsRdsEventSubscription",
|
||||
"ResourceType": "AwsAccount",
|
||||
"Description": "Ensure that Amazon RDS event notification subscriptions are enabled for database security groups events.",
|
||||
"Risk": "Amazon RDS event subscriptions for database security groups are designed to provide incident notification of events that may affect the security, availability, and reliability of the RDS database instances associated with these security groups.",
|
||||
"RelatedUrl": "https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-22",
|
||||
|
||||
@@ -10,8 +10,6 @@ class rds_instance_event_subscription_security_groups(Check):
|
||||
report = Check_Report_AWS(metadata=self.metadata(), resource=db_event)
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "RDS security group event categories of configuration change and failure are not subscribed."
|
||||
report.resource_id = rds_client.audited_account
|
||||
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
|
||||
report.resource_tags = []
|
||||
if db_event.source_type == "db-security-group" and db_event.enabled:
|
||||
report = Check_Report_AWS(
|
||||
@@ -34,6 +32,9 @@ class rds_instance_event_subscription_security_groups(Check):
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "RDS security group event category of configuration change is not subscribed."
|
||||
|
||||
report.resource_id = rds_client.audited_account
|
||||
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
|
||||
|
||||
findings.append(report)
|
||||
|
||||
return findings
|
||||
|
||||
@@ -71,9 +71,10 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured:
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
|
||||
== f"arn:aws:cloudwatch:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_EU_WEST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsAccount"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_no_log_group(self):
|
||||
@@ -139,9 +140,10 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured:
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
|
||||
== f"arn:aws:cloudwatch:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsAccount"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group(self):
|
||||
@@ -213,9 +215,10 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured:
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
|
||||
== f"arn:aws:cloudwatch:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsAccount"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric(self):
|
||||
@@ -309,6 +312,7 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured:
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].resource_tags == [{}]
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric_and_alarm(self):
|
||||
@@ -413,6 +417,7 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured:
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].resource_tags == [{}]
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric_and_alarm_with_quotes(self):
|
||||
@@ -517,6 +522,7 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured:
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].resource_tags == [{}]
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric_and_alarm_with_newlines(self):
|
||||
@@ -621,6 +627,7 @@ class Test_cloudwatch_changes_to_network_acls_alarm_configured:
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].resource_tags == [{}]
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@mock_aws
|
||||
def test_access_denied(self):
|
||||
|
||||
@@ -71,9 +71,10 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured:
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
|
||||
== f"arn:aws:cloudwatch:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_EU_WEST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsAccount"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_no_log_group(self):
|
||||
@@ -139,9 +140,10 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured:
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
|
||||
== f"arn:aws:cloudwatch:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_EU_WEST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsAccount"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group(self):
|
||||
@@ -213,9 +215,10 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured:
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
|
||||
== f"arn:aws:cloudwatch:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_EU_WEST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsAccount"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric(self):
|
||||
@@ -307,6 +310,7 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured:
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].resource_tags == [{}]
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric_and_alarm(self):
|
||||
@@ -410,6 +414,7 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured:
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].resource_tags == [{}]
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric_and_alarm_with_quotes(self):
|
||||
@@ -513,6 +518,7 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured:
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].resource_tags == [{}]
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric_and_alarm_with_newlines(self):
|
||||
@@ -616,3 +622,4 @@ class Test_cloudwatch_changes_to_network_gateways_alarm_configured:
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].resource_tags == [{}]
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@@ -71,9 +71,10 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured:
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
|
||||
== f"arn:aws:cloudwatch:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_EU_WEST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsAccount"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_no_log_group(self):
|
||||
@@ -139,9 +140,10 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured:
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
|
||||
== f"arn:aws:cloudwatch:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_EU_WEST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsAccount"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group(self):
|
||||
@@ -213,7 +215,7 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured:
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
|
||||
== f"arn:aws:cloudwatch:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_EU_WEST_1
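Review bot: This hunk updates the expected ARN but, unlike the two earlier hunks in the same test class and the matching hunks for the network ACL, gateway and VPC checks, it does not add `assert result[0].check_metadata.ResourceType == "AwsAccount"`. The third account-level case for route tables is therefore left without the resource-type assertion. Adding that line after the region assertion would bring it in line with its siblings. The test method starts outside the hunk.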
|
||||
|
||||
@@ -302,6 +304,7 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured:
|
||||
== f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:/log-group/test:*"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric_and_alarm(self):
|
||||
@@ -400,6 +403,7 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured:
|
||||
== f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:/log-group/test:*"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric_and_alarm_with_quotes(self):
|
||||
@@ -498,6 +502,7 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured:
|
||||
== f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:/log-group/test:*"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric_and_alarm_with_newlines(self):
|
||||
@@ -596,3 +601,4 @@ class Test_cloudwatch_changes_to_network_route_tables_alarm_configured:
|
||||
== f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:/log-group/test:*"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@@ -71,9 +71,10 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured:
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
|
||||
== f"arn:aws:cloudwatch:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_EU_WEST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsAccount"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_no_log_group(self):
|
||||
@@ -139,9 +140,10 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured:
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
|
||||
== f"arn:aws:cloudwatch:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_EU_WEST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsAccount"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group(self):
|
||||
@@ -213,9 +215,10 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured:
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:logs:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:log-group"
|
||||
== f"arn:aws:cloudwatch:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_EU_WEST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsAccount"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric(self):
|
||||
@@ -302,6 +305,7 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured:
|
||||
== f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:/log-group/test:*"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric_and_alarm(self):
|
||||
@@ -400,6 +404,7 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured:
|
||||
== f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:/log-group/test:*"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric_and_alarm_with_quotes(self):
|
||||
@@ -498,6 +503,7 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured:
|
||||
== f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:/log-group/test:*"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@mock_aws
|
||||
def test_cloudwatch_trail_with_log_group_with_metric_and_alarm_with_newlines(self):
|
||||
@@ -596,3 +602,4 @@ class Test_cloudwatch_changes_to_vpcs_alarm_configured:
|
||||
== f"arn:aws:logs:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:log-group:/log-group/test:*"
|
||||
)
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert result[0].check_metadata.ResourceType == "AwsLogsLogGroup"
|
||||
|
||||
@@ -55,7 +55,7 @@ class Test_ec2_ebs_default_encryption:
|
||||
assert result.resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result.resource_arn
|
||||
== f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:volume"
|
||||
== f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
if result.region == AWS_REGION_EU_WEST_1:
|
||||
assert result.status == "FAIL"
|
||||
@@ -66,7 +66,7 @@ class Test_ec2_ebs_default_encryption:
|
||||
assert result.resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result.resource_arn
|
||||
== f"arn:aws:ec2:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:volume"
|
||||
== f"arn:aws:ec2:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
|
||||
@mock_aws
|
||||
@@ -97,6 +97,7 @@ class Test_ec2_ebs_default_encryption:
|
||||
|
||||
# One result per region
|
||||
assert len(results) == 2
|
||||
print(results)
|
||||
for result in results:
|
||||
if result.region == AWS_REGION_US_EAST_1:
|
||||
assert result.status == "FAIL"
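Review bot: `print(results)` looks like leftover debugging output in the test; it adds noise to the test log and asserts nothing. I would drop the line. The test method starts and ends outside the hunk.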
|
||||
@@ -107,7 +108,7 @@ class Test_ec2_ebs_default_encryption:
|
||||
assert result.resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result.resource_arn
|
||||
== f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:volume"
|
||||
== f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
if result.region == AWS_REGION_EU_WEST_1:
|
||||
assert result.status == "FAIL"
|
||||
@@ -118,7 +119,7 @@ class Test_ec2_ebs_default_encryption:
|
||||
assert result.resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result.resource_arn
|
||||
== f"arn:aws:ec2:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:volume"
|
||||
== f"arn:aws:ec2:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
|
||||
@mock_aws
|
||||
@@ -191,5 +192,5 @@ class Test_ec2_ebs_default_encryption:
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:volume"
|
||||
== f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
|
||||
@@ -18,9 +18,13 @@ class Test_emr_cluster_account_public_block_enabled:
|
||||
emr_client.region = AWS_REGION_EU_WEST_1
|
||||
emr_client.audited_partition = "aws"
|
||||
emr_client.cluster_arn_template = f"arn:{emr_client.audited_partition}:elasticmapreduce:{emr_client.region}:{emr_client.audited_account}:cluster"
|
||||
emr_client.account_arn_template = f"arn:{emr_client.audited_partition}:elasticmapreduce:{emr_client.region}:{emr_client.audited_account}:account"
|
||||
emr_client._get_cluster_arn_template = mock.MagicMock(
|
||||
return_value=emr_client.cluster_arn_template
|
||||
)
|
||||
emr_client._get_account_arn_template = mock.MagicMock(
|
||||
return_value=emr_client.account_arn_template
|
||||
)
|
||||
with mock.patch(
|
||||
"prowler.providers.aws.services.emr.emr_service.EMR",
|
||||
new=emr_client,
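Review bot: `_get_account_arn_template` is replaced by a `MagicMock` whose return value is built in the test, so the later `resource_arn` assertion checks a string the test itself supplied and never exercises `EMR._get_account_arn_template`. Asserting the call argument, e.g. `emr_client._get_account_arn_template.assert_called_with(AWS_REGION_EU_WEST_1)`, would at least show that the check passes the region through. The second test in this class sets up the same mock. The `with mock.patch(` block continues outside the hunk.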
|
||||
@@ -36,6 +40,10 @@ class Test_emr_cluster_account_public_block_enabled:
|
||||
assert len(result) == 1
|
||||
assert result[0].region == AWS_REGION_EU_WEST_1
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:elasticmapreduce:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
@@ -53,9 +61,13 @@ class Test_emr_cluster_account_public_block_enabled:
|
||||
emr_client.region = AWS_REGION_EU_WEST_1
|
||||
emr_client.audited_partition = "aws"
|
||||
emr_client.cluster_arn_template = f"arn:{emr_client.audited_partition}:elasticmapreduce:{emr_client.region}:{emr_client.audited_account}:cluster"
|
||||
emr_client.account_arn_template = f"arn:{emr_client.audited_partition}:elasticmapreduce:{emr_client.region}:{emr_client.audited_account}:account"
|
||||
emr_client._get_cluster_arn_template = mock.MagicMock(
|
||||
return_value=emr_client.cluster_arn_template
|
||||
)
|
||||
emr_client._get_account_arn_template = mock.MagicMock(
|
||||
return_value=emr_client.account_arn_template
|
||||
)
|
||||
with mock.patch(
|
||||
"prowler.providers.aws.services.emr.emr_service.EMR",
|
||||
new=emr_client,
|
||||
@@ -71,6 +83,10 @@ class Test_emr_cluster_account_public_block_enabled:
|
||||
assert len(result) == 1
|
||||
assert result[0].region == AWS_REGION_EU_WEST_1
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:elasticmapreduce:{AWS_REGION_EU_WEST_1}:{AWS_ACCOUNT_NUMBER}:account"
|
||||
)
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
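Review bot: The new `resource_arn` assertions in this file only prove that the check reads `_get_account_arn_template`, not that it asks for the right region, because the helper is replaced by a `MagicMock` with a fixed return value in the setup hunks (`-18,9 +18,13` and `-53,9 +61,13`). If the check is meant to pass the client region to the helper, pin that with `emr_client._get_account_arn_template.assert_called_with(AWS_REGION_EU_WEST_1)` after each ARN assertion; the check code is not visible here, so confirm the argument first. The `cluster_arn_template` attribute and `_get_cluster_arn_template` mock are kept next to the new ones and can be dropped if the check no longer uses them. The test methods begin and end outside these hunks.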
|
||||
@@ -88,12 +88,9 @@ class Test_rds_cluster_critical_event_subscription:
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert result[0].status_extended == "RDS cluster events are subscribed."
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
|
||||
|
||||
@mock_aws
|
||||
@@ -141,12 +138,9 @@ class Test_rds_cluster_critical_event_subscription:
|
||||
result[0].status_extended
|
||||
== "RDS cluster event category of maintenance is not subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
|
||||
|
||||
@mock_aws
|
||||
@@ -191,10 +185,7 @@ class Test_rds_cluster_critical_event_subscription:
|
||||
result[0].status_extended
|
||||
== "RDS cluster event category of failure is not subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == []
|
||||
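Review bot: The finding's `resource_id` and `resource_arn` now identify the account, yet hunks `-88,12 +88,9` and `-141,12 +138,9` still expect `resource_tags == [{"Key": "test", "Value": "testing"}]`, which presumably are the tags of the `TestSub` event subscription. A finding whose identity is the account but whose tags come from another resource can be mis-attributed by tag-based filtering or muting of results downstream. Either expect `resource_tags == []` on account-level findings or keep the subscription as the reported resource when one exists; the check code is outside this view, so confirm which is intended. The same pairing appears in the sections that follow for `Test_rds_instance_critical_event_subscription`, `Test_rds_instance__no_event_subscriptions` and `Test_rds_instance_no_event_subscriptions`.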
|
||||
@@ -125,12 +125,9 @@ class Test_rds_instance_critical_event_subscription:
|
||||
assert (
|
||||
result[0].status_extended == "RDS instance events are subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
|
||||
|
||||
@mock_aws
|
||||
@@ -186,12 +183,9 @@ class Test_rds_instance_critical_event_subscription:
|
||||
result[0].status_extended
|
||||
== "RDS instance event categories of maintenance and configuration change are not subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
|
||||
|
||||
@mock_aws
|
||||
@@ -244,12 +238,9 @@ class Test_rds_instance_critical_event_subscription:
|
||||
result[0].status_extended
|
||||
== "RDS instance event categories of configuration change and failure are not subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == []
|
||||
|
||||
@mock_aws
|
||||
@@ -302,12 +293,9 @@ class Test_rds_instance_critical_event_subscription:
|
||||
result[0].status_extended
|
||||
== "RDS instance event categories of maintenance and failure are not subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == []
|
||||
|
||||
@mock_aws
|
||||
@@ -360,12 +348,9 @@ class Test_rds_instance_critical_event_subscription:
|
||||
result[0].status_extended
|
||||
== "RDS instance event category of failure is not subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == []
|
||||
|
||||
@mock_aws
|
||||
@@ -418,12 +403,9 @@ class Test_rds_instance_critical_event_subscription:
|
||||
result[0].status_extended
|
||||
== "RDS instance event category of maintenance is not subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == []
|
||||
|
||||
@mock_aws
|
||||
@@ -476,12 +458,9 @@ class Test_rds_instance_critical_event_subscription:
|
||||
result[0].status_extended
|
||||
== "RDS instance event category of configuration change is not subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == []
|
||||
|
||||
@mock_aws
|
||||
@@ -525,10 +504,7 @@ class Test_rds_instance_critical_event_subscription:
|
||||
result[0].status_extended
|
||||
== "RDS instance event categories of maintenance, configuration change, and failure are not subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == []
|
||||
|
||||
@@ -126,12 +126,9 @@ class Test_rds_instance__no_event_subscriptions:
|
||||
result[0].status_extended
|
||||
== "RDS parameter group events are subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
|
||||
|
||||
@mock_aws
|
||||
@@ -184,12 +181,9 @@ class Test_rds_instance__no_event_subscriptions:
|
||||
result[0].status_extended
|
||||
== "RDS parameter group events are subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == []
|
||||
|
||||
@mock_aws
|
||||
|
||||
@@ -125,12 +125,9 @@ class Test_rds_instance_no_event_subscriptions:
|
||||
result[0].status_extended
|
||||
== "RDS security group events are subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
|
||||
|
||||
@mock_aws
|
||||
@@ -186,12 +183,9 @@ class Test_rds_instance_no_event_subscriptions:
|
||||
result[0].status_extended
|
||||
== "RDS security group event category of configuration change is not subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
|
||||
|
||||
@mock_aws
|
||||
@@ -247,12 +241,9 @@ class Test_rds_instance_no_event_subscriptions:
|
||||
result[0].status_extended
|
||||
== "RDS security group event category of failure is not subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
|
||||
|
||||
@mock_aws
|
||||
@@ -414,10 +405,7 @@ class Test_rds_instance_no_event_subscriptions:
|
||||
result[0].status_extended
|
||||
== "RDS security group events are subscribed."
|
||||
)
|
||||
assert result[0].resource_id == "TestSub"
|
||||
assert result[0].region == AWS_REGION_US_EAST_1
|
||||
assert (
|
||||
result[0].resource_arn
|
||||
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
|
||||
)
|
||||
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
|
||||
assert result[0].resource_arn == RDS_ACCOUNT_ARN
|
||||
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
|
||||
|
||||