diff --git a/plugins/aws/apprunner/serviceEncrypted.js b/plugins/aws/apprunner/serviceEncrypted.js index 85f913040d..c90dfc0adb 100644 --- a/plugins/aws/apprunner/serviceEncrypted.js +++ b/plugins/aws/apprunner/serviceEncrypted.js @@ -17,7 +17,7 @@ module.exports = { name: ' App Runner service desired Encryption level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['apprunner:CreateService','apprunner:DeleteService'], diff --git a/plugins/aws/auditmanager/auditmanagerDataEncrypted.js b/plugins/aws/auditmanager/auditmanagerDataEncrypted.js index 67038211d3..ef9652f57a 100644 --- a/plugins/aws/auditmanager/auditmanagerDataEncrypted.js +++ b/plugins/aws/auditmanager/auditmanagerDataEncrypted.js @@ -17,7 +17,7 @@ module.exports = { name: 'Audit Manager Data Encryption Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk', + default: 'awskms', } }, realtime_triggers: ['auditmanager:registerAccount','auditmanager:UpdateSettings','auditmanager:DeregisterAccount'], diff --git a/plugins/aws/auditmanager/auditmanagerDataEncrypted.spec.js b/plugins/aws/auditmanager/auditmanagerDataEncrypted.spec.js index bef446ac37..f25b3b70fc 100644 --- a/plugins/aws/auditmanager/auditmanagerDataEncrypted.spec.js +++ b/plugins/aws/auditmanager/auditmanagerDataEncrypted.spec.js 
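Review bot: The new `default: 'awskms'` in serviceEncrypted.js makes the lowest accepted level the baseline, and nothing beside the value records that. A scan run without this setting would presumably now report PASS for resources on AWS-managed keys that failed under the old default. A comment above the line would state the intent, for example `// Baseline only: set to 'awscmk' or higher to require customer-managed keys`. The same applies to every other `default: 'awskms'` hunk in this diff. The settings object starts and ends outside the hunk.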
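Review bot: In auditmanagerDataEncrypted.js the trigger `'auditmanager:registerAccount'` is lower-cased while its neighbours are PascalCase. If trigger matching is case-sensitive (the matcher is not visible here), account registration would not start a rescan; `'auditmanager:RegisterAccount'` would match the other entries. The same class of slip appears in customerProfilesDomainEncrypted.js, where `'customerprofile:DeleteDomain'` lacks the `s` of the other two prefixes. In deliveryStreamEncrypted.js, `'firehose:CreateDeliveryStreams'` and `'firehose:DeleteliveryStreams'` do not match the Firehose operations `CreateDeliveryStream` and `DeleteDeliveryStream`.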
@@ -98,7 +98,7 @@ describe('auditmanagerDataEncrypted', function () { it('should FAIL if Audit Manager data is not encrypted with desired encryption level', function (done) { const cache = createCache(getSettings, listKeys, describeKey[1]); - auditmanagerDataEncrypted.run(cache, {}, (err, results) => { + auditmanagerDataEncrypted.run(cache, {auditmanager_data_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].region).to.equal('us-east-1'); diff --git a/plugins/aws/backup/backupVaultEncrypted.js b/plugins/aws/backup/backupVaultEncrypted.js index b5b9e6c718..a8c69131ac 100644 --- a/plugins/aws/backup/backupVaultEncrypted.js +++ b/plugins/aws/backup/backupVaultEncrypted.js @@ -16,7 +16,7 @@ module.exports = { name: 'CodeArtifact Domain Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk', + default: 'awskms', } }, realtime_triggers: ['backup:CreateBackupVault','backup:DeleteBackupVault'], diff --git a/plugins/aws/cloudwatchlogs/logGroupsEncrypted.js b/plugins/aws/cloudwatchlogs/logGroupsEncrypted.js index d7341202f9..e280a45c48 100644 --- a/plugins/aws/cloudwatchlogs/logGroupsEncrypted.js +++ b/plugins/aws/cloudwatchlogs/logGroupsEncrypted.js @@ -18,7 +18,7 @@ module.exports = { name: 'CloudWatch Log Groups Target Ecryption Level', description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' }, cloudwatchlog_whitelist: { name: 'Lambda Functions Whitelisted', 
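Review bot: In backupVaultEncrypted.js the setting's `name` is still `'CodeArtifact Domain Target Encryption Level'`, which looks copied from the CodeArtifact plugin and will mislabel the backup vault setting wherever names are shown. `name: 'Backup Vault Target Encryption Level',` would match the file. Two other user-visible names in this diff carry typos: `'CloudWatch Log Groups Target Ecryption Level'` in logGroupsEncrypted.js and `'Connect Call Resording Encryption Level'` in instanceCallRecordingEncrypted.js.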
diff --git a/plugins/aws/codeartifact/codeartifactDomainEncrypted.js b/plugins/aws/codeartifact/codeartifactDomainEncrypted.js index c3def0ee5c..80186bb0b5 100644 --- a/plugins/aws/codeartifact/codeartifactDomainEncrypted.js +++ b/plugins/aws/codeartifact/codeartifactDomainEncrypted.js @@ -17,7 +17,7 @@ module.exports = { name: 'CodeArtifact Domain Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk', + default: 'awskms', } }, realtime_triggers: ['codeartifact:CreateDomain', 'codeartifact:DeleteDomain'], diff --git a/plugins/aws/codeartifact/codeartifactDomainEncrypted.spec.js b/plugins/aws/codeartifact/codeartifactDomainEncrypted.spec.js index b6d8bcda5f..5efe70c791 100644 --- a/plugins/aws/codeartifact/codeartifactDomainEncrypted.spec.js +++ b/plugins/aws/codeartifact/codeartifactDomainEncrypted.spec.js @@ -101,7 +101,7 @@ describe('codeartifactDomainEncrypted', function () { it('should FAIL if CodeArtifact domain is not encrypted with desired encyption level', function (done) { const cache = createCache(listDomains, listKeys, describeKey[1]); - codeartifactDomainEncrypted.run(cache, {}, (err, results) => { + codeartifactDomainEncrypted.run(cache, {codeartifact_domain_encryption_level:'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].region).to.equal('us-east-1'); diff --git a/plugins/aws/codebuild/projectArtifactsEncrypted.js b/plugins/aws/codebuild/projectArtifactsEncrypted.js index 1316415b51..7cc111417d 100644 --- a/plugins/aws/codebuild/projectArtifactsEncrypted.js +++ b/plugins/aws/codebuild/projectArtifactsEncrypted.js 
@@ -17,7 +17,7 @@ module.exports = { name: 'Project Artifacts Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk', + default: 'awskms', } }, realtime_triggers: ['codebuild:CreateProject', 'codebuild:UpdateProject','codebuild:DeleteProject'], diff --git a/plugins/aws/codebuild/projectArtifactsEncrypted.spec.js b/plugins/aws/codebuild/projectArtifactsEncrypted.spec.js index b9e0618f8e..080bfa3271 100644 --- a/plugins/aws/codebuild/projectArtifactsEncrypted.spec.js +++ b/plugins/aws/codebuild/projectArtifactsEncrypted.spec.js @@ -158,7 +158,7 @@ describe('projectArtifactsEncrypted', function () { it('should FAIL if CodeBuild project artifact is not encrypted with desired encryption level', function (done) { const cache = createCache(listProjects, listKeys, batchGetProjects[1], describeKey[1]); - projectArtifactsEncrypted.run(cache, { projects_artifact_desired_encryption_level: 'awscmk' }, (err, results) => { + projectArtifactsEncrypted.run(cache, { project_artifacts_desired_encryption_level: 'awscmk' }, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].region).to.equal('us-east-1'); diff --git a/plugins/aws/codepipeline/pipelineArtifactsEncrypted.js b/plugins/aws/codepipeline/pipelineArtifactsEncrypted.js index ff8c685a68..c757e6302a 100644 --- a/plugins/aws/codepipeline/pipelineArtifactsEncrypted.js +++ b/plugins/aws/codepipeline/pipelineArtifactsEncrypted.js 
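Review bot: The renamed key in projectArtifactsEncrypted.spec.js suggests the old `projects_artifact_desired_encryption_level` never matched a plugin setting, so the FAIL test was presumably passing on the old `awscmk` default rather than on the value it supplied. Nothing in the spec stops that from recurring. An assertion such as `expect(projectArtifactsEncrypted.settings).to.have.property('project_artifacts_desired_encryption_level');` would catch a misspelled key, assuming the exported settings object is named `settings` (it is outside these hunks). The same pattern shows in the pipelineArtifactsEncrypted, redisClusterEncryptionAtRest, exportedFindingsEncrypted and dataStoreEncrypted specs. The `it(...)` body continues outside the hunk.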
@@ -18,7 +18,7 @@ module.exports = { name: 'Pipeline Artifacts Desired Encrypted Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['codepipeline:CreatePipeline','codepipeline:DeletePipeline'], diff --git a/plugins/aws/codepipeline/pipelineArtifactsEncrypted.spec.js b/plugins/aws/codepipeline/pipelineArtifactsEncrypted.spec.js index 84b653c7bb..9d4f18ffbc 100644 --- a/plugins/aws/codepipeline/pipelineArtifactsEncrypted.spec.js +++ b/plugins/aws/codepipeline/pipelineArtifactsEncrypted.spec.js @@ -135,7 +135,7 @@ describe('pipelineArtifactsEncrypted', function () { describe('run', function () { it('should PASS if Pipeline Artifacts is encrypted with desired encryption level', function (done) { const cache = createCache([listPipelines[0]], listKeys, listAliases, getPipeline[0], describeKey[0]); - pipelineArtifactsEncrypted.run(cache, { pipeline_artifacts_encryption : 'awscmk' }, (err, results) => { + pipelineArtifactsEncrypted.run(cache, { pipeline_artifacts_desired_encryption_level : 'awscmk' }, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(0); expect(results[0].region).to.equal('us-east-1'); 
@@ -145,7 +145,7 @@ describe('pipelineArtifactsEncrypted', function () { it('should FAIL if Pipeline Artifacts not encrypted with desired encryption level', function (done) { const cache = createCache([listPipelines[0]], listKeys, listAliases, getPipeline[0], describeKey[1]); - pipelineArtifactsEncrypted.run(cache, { pipeline_artifacts_encryption : 'awscmk' }, (err, results) => { + pipelineArtifactsEncrypted.run(cache, { pipeline_artifacts_desired_encryption_level : 'awscmk' }, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].region).to.equal('us-east-1'); diff --git a/plugins/aws/connect/customerProfilesDomainEncrypted.js b/plugins/aws/connect/customerProfilesDomainEncrypted.js index b523e93073..76063936c5 100644 --- a/plugins/aws/connect/customerProfilesDomainEncrypted.js +++ b/plugins/aws/connect/customerProfilesDomainEncrypted.js @@ -16,7 +16,7 @@ module.exports = { name: 'Connect Customer Profiles Encrypted', description: 'In order (lowest to highest) awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['customerprofiles:CreateDomain', 'customerprofiles:UpdateDomain', 'customerprofile:DeleteDomain'], diff --git a/plugins/aws/connect/instanceAttachmentsEncrypted.js b/plugins/aws/connect/instanceAttachmentsEncrypted.js index 22d2c9e264..cc6abdb1fb 100644 --- a/plugins/aws/connect/instanceAttachmentsEncrypted.js +++ b/plugins/aws/connect/instanceAttachmentsEncrypted.js 
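Review bot: In customerProfilesDomainEncrypted.js the new `default: 'awskms'` is rejected by the setting's own `regex: '^(awscmk|externalcmk|cloudhsm)$'` and is absent from the description, so the default is a value a user could not supply. How the plugin treats an unlisted level is outside the hunk, so the check's result under the default is unclear. Either keep `default: 'awscmk'` for this plugin or extend the pattern and description together, e.g. `regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',`.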
@@ -17,7 +17,7 @@ module.exports = { name: 'Connect Attachments Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['connect:CreateInstance', 'connect:AssociateInstanceStorageConfig', 'connect:UpdateInstanceStorageConfig', 'connect:DeleteInstance', 'connect:DisassociateInstanceStorageConfig'], diff --git a/plugins/aws/connect/instanceAttachmentsEncrypted.spec.js b/plugins/aws/connect/instanceAttachmentsEncrypted.spec.js index 6d115ad83a..2f9e9965f3 100644 --- a/plugins/aws/connect/instanceAttachmentsEncrypted.spec.js +++ b/plugins/aws/connect/instanceAttachmentsEncrypted.spec.js @@ -136,7 +136,7 @@ describe('instanceAttachmentsEncrypted', function () { describe('run', function () { it('should FAIL if Connect instance is not using desired encryption level', function (done) { const cache = createCache(listInstances, instanceAttachmentStorageConfigs[0], listKeys, describeKey[1]); - instanceAttachmentsEncrypted.run(cache, {}, (err, results) => { + instanceAttachmentsEncrypted.run(cache, {connect_attachments_encryption_level : 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); done(); diff --git a/plugins/aws/connect/instanceCallRecordingEncrypted.js b/plugins/aws/connect/instanceCallRecordingEncrypted.js index 68987ddf5e..6311f158ab 100644 --- a/plugins/aws/connect/instanceCallRecordingEncrypted.js +++ b/plugins/aws/connect/instanceCallRecordingEncrypted.js 
@@ -17,7 +17,7 @@ module.exports = { name: 'Connect Call Resording Encryption Level', description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['connect:CreateInstance', 'connect:AssociateInstanceStorageConfig', 'connect:UpdateInstanceStorageConfig','connect:DeleteInstance', 'connect:DisassociateInstanceStorageConfig'], diff --git a/plugins/aws/connect/instanceCallRecordingEncrypted.spec.js b/plugins/aws/connect/instanceCallRecordingEncrypted.spec.js index e9a81e213f..bb7b9b0815 100644 --- a/plugins/aws/connect/instanceCallRecordingEncrypted.spec.js +++ b/plugins/aws/connect/instanceCallRecordingEncrypted.spec.js @@ -136,7 +136,7 @@ describe('instanceCallRecordingEncrypted', function () { describe('run', function () { it('should FAIL if Connect instance is not using desired encryption level', function (done) { const cache = createCache(listInstances, listInstanceCallRecordingStorageConfigs[0], listKeys, describeKey[1]); - instanceCallRecordingEncrypted.run(cache, {}, (err, results) => { + instanceCallRecordingEncrypted.run(cache, {connect_call_recording_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); done(); diff --git a/plugins/aws/connect/instanceMediaStreamsEncrypted.js b/plugins/aws/connect/instanceMediaStreamsEncrypted.js index 434c48a803..2592d97168 100644 --- a/plugins/aws/connect/instanceMediaStreamsEncrypted.js +++ b/plugins/aws/connect/instanceMediaStreamsEncrypted.js 
@@ -17,7 +17,7 @@ module.exports = { name: 'Connect Media Streams Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['connect:CreateInstance', 'connect:AssociateInstanceStorageConfig', 'connect:UpdateInstanceStorageConfig','connect:DeleteInstance', 'connect:DisassociateInstanceStorageConfig'], diff --git a/plugins/aws/connect/instanceMediaStreamsEncrypted.spec.js b/plugins/aws/connect/instanceMediaStreamsEncrypted.spec.js index 36fa52b903..8024d015d0 100644 --- a/plugins/aws/connect/instanceMediaStreamsEncrypted.spec.js +++ b/plugins/aws/connect/instanceMediaStreamsEncrypted.spec.js @@ -142,7 +142,7 @@ describe('instanceMediaStreamsEncrypted', function () { describe('run', function () { it('should FAIL if Connect instance is not using desired encryption level', function (done) { const cache = createCache(listInstances, listInstanceMediaStreamStorageConfigs[0], listKeys, describeKey[1]); - instanceMediaStreamsEncrypted.run(cache, {}, (err, results) => { + instanceMediaStreamsEncrypted.run(cache, {connect_media_streams_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); done(); diff --git a/plugins/aws/connect/instanceReportsEncrypted.js b/plugins/aws/connect/instanceReportsEncrypted.js index ea4bed1916..d4cc6a1b5e 100644 --- a/plugins/aws/connect/instanceReportsEncrypted.js +++ b/plugins/aws/connect/instanceReportsEncrypted.js 
@@ -17,7 +17,7 @@ module.exports = { name: 'Connect Exported Reports Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['connect:CreateInstance', 'connect:AssociateInstanceStorageConfig', 'connect:UpdateInstanceStorageConfig','connect:DeleteInstance', 'connect:DisassociateInstanceStorageConfig'], diff --git a/plugins/aws/connect/instanceReportsEncrypted.spec.js b/plugins/aws/connect/instanceReportsEncrypted.spec.js index 2fa15b71f1..deb0aab8bb 100644 --- a/plugins/aws/connect/instanceReportsEncrypted.spec.js +++ b/plugins/aws/connect/instanceReportsEncrypted.spec.js @@ -136,7 +136,7 @@ describe('instanceReportsEncrypted', function () { describe('run', function () { it('should FAIL if Connect instance is not using desired encryption level', function (done) { const cache = createCache(listInstances, listInstanceExportedReportStorageConfigs[0], listKeys, describeKey[1]); - instanceReportsEncrypted.run(cache, {}, (err, results) => { + instanceReportsEncrypted.run(cache, {connect_exported_reports_encryption_level : 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); done(); diff --git a/plugins/aws/connect/instanceTranscriptsEncrypted.js b/plugins/aws/connect/instanceTranscriptsEncrypted.js index 8035988918..217ea2a6d8 100644 --- a/plugins/aws/connect/instanceTranscriptsEncrypted.js +++ b/plugins/aws/connect/instanceTranscriptsEncrypted.js 
@@ -17,7 +17,7 @@ module.exports = { name: 'Connect Chat Transcripts Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['connect:CreateInstance', 'connect:AssociateInstanceStorageConfig', 'connect:UpdateInstanceStorageConfig','connect:DeleteInstance', 'connect:DisassociateInstanceStorageConfig'], diff --git a/plugins/aws/connect/instanceTranscriptsEncrypted.spec.js b/plugins/aws/connect/instanceTranscriptsEncrypted.spec.js index e2b7fa991f..83b6ff6e65 100644 --- a/plugins/aws/connect/instanceTranscriptsEncrypted.spec.js +++ b/plugins/aws/connect/instanceTranscriptsEncrypted.spec.js @@ -136,7 +136,7 @@ describe('instanceTranscriptsEncrypted', function () { describe('run', function () { it('should FAIL if Connect instance is not using desired encryption level', function (done) { const cache = createCache(listInstances, listInstanceChatTranscriptStorageConfigs[0], listKeys, describeKey[1]); - instanceTranscriptsEncrypted.run(cache, {}, (err, results) => { + instanceTranscriptsEncrypted.run(cache, {connect_chat_transcripts_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); done(); diff --git a/plugins/aws/documentDB/docdbClusterEncrypted.js b/plugins/aws/documentDB/docdbClusterEncrypted.js index 4ff795f685..6eff45ad78 100644 --- a/plugins/aws/documentDB/docdbClusterEncrypted.js +++ b/plugins/aws/documentDB/docdbClusterEncrypted.js 
@@ -17,7 +17,7 @@ module.exports = { name: 'DocumentDB Cluster Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk', + default: 'awskms', } }, realtime_triggers: ['docdb:CreateDBCluster','docdb:CreateDBInstance','docdb:DeleteDBCluster'], diff --git a/plugins/aws/ec2/ebsEncryptionEnabled.js b/plugins/aws/ec2/ebsEncryptionEnabled.js index c6144cd468..877c86d80b 100644 --- a/plugins/aws/ec2/ebsEncryptionEnabled.js +++ b/plugins/aws/ec2/ebsEncryptionEnabled.js @@ -55,7 +55,7 @@ module.exports = { name: 'EBS Minimum Encryption Level at rest', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk', + default: 'awskms', }, }, diff --git a/plugins/aws/ecr/ecrRepositoryEncrypted.js b/plugins/aws/ecr/ecrRepositoryEncrypted.js index a416b14761..fffc5ccd1d 100644 --- a/plugins/aws/ecr/ecrRepositoryEncrypted.js +++ b/plugins/aws/ecr/ecrRepositoryEncrypted.js @@ -17,7 +17,7 @@ module.exports = { name: 'ECR Repository Encryption', description: 'In order (lowest to highest) sse=AES-256; awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(sse|awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['ecr:CreateRepository', 'ecr:DeleteRepository'], diff --git a/plugins/aws/elasticache/redisClusterEncryptionAtRest.js b/plugins/aws/elasticache/redisClusterEncryptionAtRest.js index 01b033ca38..966ddd086e 100644 --- a/plugins/aws/elasticache/redisClusterEncryptionAtRest.js 
+++ b/plugins/aws/elasticache/redisClusterEncryptionAtRest.js @@ -17,7 +17,7 @@ module.exports = { name: 'ElastiCache Cluster Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk', + default: 'awskms', } }, realtime_triggers: ['elasticache:CreateCacheCluster', 'elasticache:DeleteCacheCluster', 'elasticache:CreateReplicationGroup'], diff --git a/plugins/aws/elasticache/redisClusterEncryptionAtRest.spec.js b/plugins/aws/elasticache/redisClusterEncryptionAtRest.spec.js index e2d9b5052c..92b16c3717 100644 --- a/plugins/aws/elasticache/redisClusterEncryptionAtRest.spec.js +++ b/plugins/aws/elasticache/redisClusterEncryptionAtRest.spec.js @@ -219,7 +219,7 @@ describe('redisClusterEncryptionAtRest', function () { describe('run', function () { it('should PASS if Redis Cluster at-rest is encrypted with desired encryption level', function (done) { const cache = createCache(describeCacheClusters[0], listKeys, describeReplicationGroups[0], describeKey[0]); - redisClusterEncryptionAtRest.run(cache, { ec_atrest_desired_encryption_level: 'awscmk' }, (err, results) => { + redisClusterEncryptionAtRest.run(cache, { ec_cluster_target_encryption_level: 'awscmk' }, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(0); expect(results[0].region).to.equal('us-east-1'); 
@@ -229,7 +229,7 @@ describe('redisClusterEncryptionAtRest', function () { it('should FAIL if Redis Cluster at-rest is not encrypted with desired encryption level', function (done) { const cache = createCache([describeCacheClusters[1]],listKeys, describeReplicationGroups[1], describeKey[1]); - redisClusterEncryptionAtRest.run(cache, { ec_atrest_desired_encryption_level: 'awscmk' }, (err, results) => { + redisClusterEncryptionAtRest.run(cache, { ec_cluster_target_encryption_level: 'awscmk' }, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].region).to.equal('us-east-1'); diff --git a/plugins/aws/firehose/deliveryStreamEncrypted.js b/plugins/aws/firehose/deliveryStreamEncrypted.js index 8f544a7b19..c7579cebe4 100644 --- a/plugins/aws/firehose/deliveryStreamEncrypted.js +++ b/plugins/aws/firehose/deliveryStreamEncrypted.js @@ -17,7 +17,7 @@ module.exports = { name: 'Firehose Delivery Stream Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['firehose:CreateDeliveryStreams','firehose:UpdateDestination', 'firehose:DeleteliveryStreams'], diff --git a/plugins/aws/firehose/deliveryStreamEncrypted.spec.js b/plugins/aws/firehose/deliveryStreamEncrypted.spec.js index 5d7c45b1fe..39ccf0b75f 100644 --- a/plugins/aws/firehose/deliveryStreamEncrypted.spec.js +++ b/plugins/aws/firehose/deliveryStreamEncrypted.spec.js 
@@ -308,7 +308,7 @@ describe('deliveryStreamEncrypted', function () { deliveryStreamEncrypted.run(cache, {}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(0); - expect(results[0].message).to.include('Firehose delivery stream destination bucket is encrypted with awscmk'); + expect(results[0].message).to.include('Firehose delivery stream is encrypted with awskms'); expect(results[0].region).to.equal('us-east-1'); done(); }); @@ -316,7 +316,7 @@ describe('deliveryStreamEncrypted', function () { it('should FAIL if Firehose Delivery Stream not encrypted with desired encryption level', function (done) { const cache = createCache([listDeliveryStreams[0]], listKeys, describeDeliveryStream[1], describeKey[1]); - deliveryStreamEncrypted.run(cache, {}, (err, results) => { + deliveryStreamEncrypted.run(cache, {delivery_stream_desired_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].message).to.include('Firehose delivery stream destination bucket is encrypted with awskms'); diff --git a/plugins/aws/frauddetector/fraudDetectorDataEncrypted.js b/plugins/aws/frauddetector/fraudDetectorDataEncrypted.js index 0b96918845..803225679c 100644 --- a/plugins/aws/frauddetector/fraudDetectorDataEncrypted.js +++ b/plugins/aws/frauddetector/fraudDetectorDataEncrypted.js @@ -16,7 +16,7 @@ module.exports = { name: 'Fraud Detector Data Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['frauddetector:PutKMSEncryptionKey', 'frauddetector:DeleteDetector'], 
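Review bot: The PASS test in the first deliveryStreamEncrypted.spec.js hunk still calls `run(cache, {}, ...)` and now expects `'Firehose delivery stream is encrypted with awskms'`. It therefore appears to pass on the lowered default and no longer reaches the destination-bucket message it asserted before. If that branch still exists in the plugin (not visible here), keep a case that exercises it by passing the level explicitly, `deliveryStreamEncrypted.run(cache, {delivery_stream_desired_encryption_level: 'awscmk'}, (err, results) => {`, and leave the `{}` call as a separate default-behaviour test. The enclosing `it(...)` starts outside the hunk.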
diff --git a/plugins/aws/fsx/fsxFileSystemEncrypted.js b/plugins/aws/fsx/fsxFileSystemEncrypted.js index fbb7b8e65d..418c3b7d40 100644 --- a/plugins/aws/fsx/fsxFileSystemEncrypted.js +++ b/plugins/aws/fsx/fsxFileSystemEncrypted.js @@ -16,7 +16,7 @@ module.exports = { name: 'FSx File Systems Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['fsx:CreateFileSystem', 'fsx:DeleteFileSystem'], diff --git a/plugins/aws/glue/glueS3EncryptionEnabled.js b/plugins/aws/glue/glueS3EncryptionEnabled.js index 72e1602f99..fc0c091426 100644 --- a/plugins/aws/glue/glueS3EncryptionEnabled.js +++ b/plugins/aws/glue/glueS3EncryptionEnabled.js @@ -16,7 +16,7 @@ module.exports = { name: 'Glue S3 Encryption Level', description: 'In order (lowest to highest) sse=S3 Server-Side; awskms=AWS-managed KMS; awscmk=Customer managed KMS;', regex: '^(sse|awskms|awscmk)$', - default: 'awscmk', + default: 'awskms', } }, realtime_triggers: ['glue:CreateSecurityConfiguration','glue:DeleteSecurityConfiguration'], diff --git a/plugins/aws/guardduty/exportedFindingsEncrypted.js b/plugins/aws/guardduty/exportedFindingsEncrypted.js index 348da066e6..370bf4ff60 100644 --- a/plugins/aws/guardduty/exportedFindingsEncrypted.js +++ b/plugins/aws/guardduty/exportedFindingsEncrypted.js 
@@ -17,7 +17,7 @@ module.exports = { name: 'GuardDuty Findings Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['guardduty:CreateDetector', 'guardduty:DeleteDetector'], diff --git a/plugins/aws/guardduty/exportedFindingsEncrypted.spec.js b/plugins/aws/guardduty/exportedFindingsEncrypted.spec.js index a43bcac0a1..3f56095442 100644 --- a/plugins/aws/guardduty/exportedFindingsEncrypted.spec.js +++ b/plugins/aws/guardduty/exportedFindingsEncrypted.spec.js @@ -147,7 +147,7 @@ describe('exportedFindingsEncrypted', function () { it('should PASS if GuardDuty Export Findings is encrypted with desired level', function (done) { const cache = createCache([listDetectors[0]], [listPublishingDestinations[0]], describePublishingDestination[0], listKeys, describeKey[0]); - exportedFindingsEncrypted.run(cache, { exported_findings_desired_encryption_level: 'awscmk' }, (err, results) => { + exportedFindingsEncrypted.run(cache, { findings_desired_encryption_level: 'awscmk' }, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(0); expect(results[0].region).to.equal('us-east-1'); 
@@ -157,7 +157,7 @@ describe('exportedFindingsEncrypted', function () { it('should FAIL if GuardDuty Export Findings is not encrypted with desired level ', function (done) { const cache = createCache([listDetectors[0]], [listPublishingDestinations[0]], describePublishingDestination[1], listKeys, describeKey[1]); - exportedFindingsEncrypted.run(cache, { exported_findings_desired_encryption_level: 'externalcmk' }, (err, results) => { + exportedFindingsEncrypted.run(cache, {findings_desired_encryption_level: 'cloudhsm' }, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].region).to.equal('us-east-1'); @@ -167,7 +167,7 @@ describe('exportedFindingsEncrypted', function () { it('should PASS if on GuardDuty detectors found', function (done) { const cache = createCache([]); - exportedFindingsEncrypted.run(cache, { exported_findings_desired_encryption_level: 'awscmk' }, (err, results) => { + exportedFindingsEncrypted.run(cache, { findings_desired_encryption_level: 'awscmk' }, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(0); done(); @@ -176,7 +176,7 @@ describe('exportedFindingsEncrypted', function () { it('should UNKNOWN if unable to list GuardDuty detectors', function (done) { const cache = createCache(null, null, null, null, null, { message: 'Unable to list GuardDuty detectors'}); - exportedFindingsEncrypted.run(cache, { exported_findings_desired_encryption_level: 'awscmk' }, (err, results) => { + exportedFindingsEncrypted.run(cache, { findings_desired_encryption_level: 'awscmk' }, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(3); done(); 
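Review bot: The FAIL case in exportedFindingsEncrypted.spec.js moves from `'externalcmk'` to `'cloudhsm'` in the same line that corrects the key name, and the reason for raising the level is not recorded. If the `describeKey[1]` fixture already meets `externalcmk` (the fixture is outside the hunk, so this needs confirming), a comment such as `// describeKey[1] is below cloudhsm; 'externalcmk' would PASS with this fixture` would explain the choice. A FAIL case at the `awscmk` boundary with an AWS-managed-key fixture would also cover the threshold that the default change moves.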
@@ -185,7 +185,7 @@ describe('exportedFindingsEncrypted', function () { it('should UNKNOWN if unable to list GuardDuty publishing destinations', function (done) { const cache = createCache([listDetectors[0]], {}, describePublishingDestination[0], null, null, null, null, { message: 'Unable to query GuardDuty publishing destinations'}); - exportedFindingsEncrypted.run(cache, { exported_findings_desired_encryption_level: 'awscmk' }, (err, results) => { + exportedFindingsEncrypted.run(cache, { findings_desired_encryption_level: 'awscmk' }, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(3); done(); @@ -194,7 +194,7 @@ describe('exportedFindingsEncrypted', function () { it('should not return anything if list detectors response not found', function (done) { const cache = createNullCache(); - exportedFindingsEncrypted.run(cache, { exported_findings_desired_encryption_level: 'awscmk' }, (err, results) => { + exportedFindingsEncrypted.run(cache, { findings_desired_encryption_level: 'awscmk' }, (err, results) => { expect(results.length).to.equal(0); done(); }); diff --git a/plugins/aws/healthlake/dataStoreEncrypted.js b/plugins/aws/healthlake/dataStoreEncrypted.js index edab34abd1..c543c87851 100644 --- a/plugins/aws/healthlake/dataStoreEncrypted.js +++ b/plugins/aws/healthlake/dataStoreEncrypted.js @@ -17,7 +17,7 @@ module.exports = { name: 'HealthLake Data Store Desired Encryption Level', description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['healthlake:CreateFHIRDatastore', 'healthlake:DeleteFHIRDatastore'], diff --git a/plugins/aws/healthlake/dataStoreEncrypted.spec.js b/plugins/aws/healthlake/dataStoreEncrypted.spec.js index fa022a78f4..c7beb1d3b9 100644 
--- a/plugins/aws/healthlake/dataStoreEncrypted.spec.js +++ b/plugins/aws/healthlake/dataStoreEncrypted.spec.js @@ -102,7 +102,7 @@ describe('dataStoreEncrypted', function () { describe('run', function () { it('should PASS if HealthLake Data Store is encrypted with desired encryption level', function (done) { const cache = createCache(listFHIRDatastores, listKeys, describeKey[0]); - dataStoreEncrypted.run(cache, { healthLake_data_store_encryption: 'awscmk' }, (err, results) => { + dataStoreEncrypted.run(cache, { healthlake_datastore_desired_encryption_level: 'awscmk' }, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(0); expect(results[0].message).to.include('HealthLake data store is encrypted with awscmk'); @@ -113,7 +113,7 @@ describe('dataStoreEncrypted', function () { it('should FAIL if HealthLake Data Store is not encrypted with desired encyption level', function (done) { const cache = createCache(listFHIRDatastores, listKeys, describeKey[1]); - dataStoreEncrypted.run(cache, { healthLake_data_store_encryption:'awscmk' }, (err, results) => { + dataStoreEncrypted.run(cache, { healthlake_datastore_desired_encryption_level:'awscmk' }, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].message).to.include('HealthLake data store is encrypted with awskms'); diff --git a/plugins/aws/imagebuilder/dockerfileTemplateEncrypted.js b/plugins/aws/imagebuilder/dockerfileTemplateEncrypted.js index 23f761758a..fae28c29e4 100644 --- a/plugins/aws/imagebuilder/dockerfileTemplateEncrypted.js +++ b/plugins/aws/imagebuilder/dockerfileTemplateEncrypted.js 
@@ -17,7 +17,7 @@ module.exports = { name: 'Docker File Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['imagebuilder:CreateContainerRecipe','imagebuilder:DeleteContainerRecipe'], diff --git a/plugins/aws/imagebuilder/dockerfileTemplateEncrypted.spec.js b/plugins/aws/imagebuilder/dockerfileTemplateEncrypted.spec.js index 91b54b093a..baa7bbafae 100644 --- a/plugins/aws/imagebuilder/dockerfileTemplateEncrypted.spec.js +++ b/plugins/aws/imagebuilder/dockerfileTemplateEncrypted.spec.js @@ -196,7 +196,7 @@ describe('dockerfileTemplateEncrypted', function () { it('should FAIL if Dockerfile Template is encrypted with awskms', function (done) { const cache = createCache([listContainerRecipes[1]], listKeys, listAliases, getContainerRecipe[1], describeKey[1]); - dockerfileTemplateEncrypted.run(cache, {}, (err, results) => { + dockerfileTemplateEncrypted.run(cache, {docker_file_desired_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].message).to.include('Dockerfile Template is encrypted with'); diff --git a/plugins/aws/imagebuilder/imageRecipeVolumeEncrypted.js b/plugins/aws/imagebuilder/imageRecipeVolumeEncrypted.js index 9d2d4d5b25..6f93d806ad 100644 --- a/plugins/aws/imagebuilder/imageRecipeVolumeEncrypted.js +++ b/plugins/aws/imagebuilder/imageRecipeVolumeEncrypted.js 
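Review bot: The FAIL test in dockerfileTemplateEncrypted.spec.js now pins `docker_file_desired_encryption_level: 'awscmk'`, so within this hunk nothing runs the plugin with `{}` any more and the new `awskms` default is not exercised. The same applies to the spec hunks for imgBuilderComponentsEncrypted, kinesisDataStreamsEncrypted, anomalyDetectorEncrypted, equipmentdatasetEncrypted, networkMemberDataEncrypted, memorydbClusterEncrypted, mqBrokerEncrypted, mskClusterEncryptionAtRest and translateJobOutputEncrypted. A companion test that reuses the same fixture with empty settings and expects a pass would catch an unnoticed change of the default; the fixture is assumed to be an AWS-managed key, as the existing test title says. The rest of the describe block is outside the hunk, so check that such a test does not already exist.

```javascript
it('should PASS with default settings if Dockerfile Template is encrypted with awskms', function (done) {
    const cache = createCache([listContainerRecipes[1]], listKeys, listAliases, getContainerRecipe[1], describeKey[1]);
    dockerfileTemplateEncrypted.run(cache, {}, (err, results) => {
        expect(results.length).to.equal(1);
        expect(results[0].status).to.equal(0);
        done();
    });
});
```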
@@ -17,7 +17,7 @@ module.exports = {
 name: 'Image Recipe EBS Volumes Target Encryption Level',
 description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
 regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'awscmk'
+ default: 'awskms'
 }
 },
 realtime_triggers: ['Imagebuilder:CreateImageRecipe','Imagebuilder:DeleteImageRecipe'],
diff --git a/plugins/aws/imagebuilder/imgBuilderComponentsEncrypted.js b/plugins/aws/imagebuilder/imgBuilderComponentsEncrypted.js
index 36f33356b5..53458a6b2d 100644
--- a/plugins/aws/imagebuilder/imgBuilderComponentsEncrypted.js
+++ b/plugins/aws/imagebuilder/imgBuilderComponentsEncrypted.js
@@ -17,7 +17,7 @@ module.exports = {
 name: 'Image Builder Component Target Encryption Level',
 description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
 regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'awscmk'
+ default: 'awskms'
 }
 },
 realtime_triggers: ['Imagebuilder:CreateComponent','Imagebuilder:DeleteComponent'],
diff --git a/plugins/aws/imagebuilder/imgBuilderComponentsEncrypted.spec.js b/plugins/aws/imagebuilder/imgBuilderComponentsEncrypted.spec.js
index d2219c817d..6eeb0bba47 100644
--- a/plugins/aws/imagebuilder/imgBuilderComponentsEncrypted.spec.js
+++ b/plugins/aws/imagebuilder/imgBuilderComponentsEncrypted.spec.js
@@ -180,7 +180,7 @@ describe('imgBuilderComponentsEncrypted', function () { it('should FAIL if Image Builder component is encrypted with awskms', function (done) { const cache = createCache([listComponents[1]], listKeys, listAliases, getComponent[1], describeKey[1]); - imgBuilderComponentsEncrypted.run(cache, {}, (err, results) => { + imgBuilderComponentsEncrypted.run(cache, {image_component_desired_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].message).to.include('Image Builder component is encrypted with'); diff --git a/plugins/aws/iotsitewise/iotsitewiseDataEncrypted.js b/plugins/aws/iotsitewise/iotsitewiseDataEncrypted.js index 53cdc7de4c..8b39d18681 100644 --- a/plugins/aws/iotsitewise/iotsitewiseDataEncrypted.js +++ b/plugins/aws/iotsitewise/iotsitewiseDataEncrypted.js @@ -17,7 +17,7 @@ module.exports = { name: 'IoT SiteWise Data Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk', + default: 'awskms', } }, realtime_triggers: ['imagebuilder:PutDefaultEncryptionConfiguration'], diff --git a/plugins/aws/kendra/kendraIndexEncrypted.js b/plugins/aws/kendra/kendraIndexEncrypted.js index bc8d9854a5..8494393f3a 100644 --- a/plugins/aws/kendra/kendraIndexEncrypted.js +++ b/plugins/aws/kendra/kendraIndexEncrypted.js 
@@ -16,7 +16,7 @@ module.exports = {
 name: 'Kendra Index Encrypted',
 description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
 regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'awscmk'
+ default: 'awskms'
 }
 },
 realtime_triggers: ['kendra:CreateIndex','kendra:UpdateIndex','kendra:DeleteIndex'],
diff --git a/plugins/aws/kinesis/kinesisDataStreamsEncrypted.js b/plugins/aws/kinesis/kinesisDataStreamsEncrypted.js
index 4694709351..8aa16ea2a6 100644
--- a/plugins/aws/kinesis/kinesisDataStreamsEncrypted.js
+++ b/plugins/aws/kinesis/kinesisDataStreamsEncrypted.js
@@ -18,7 +18,7 @@ module.exports = {
 name: 'Kinesis Data Stream Target Encryption Level',
 description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
 regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'awscmk'
+ default: 'awskms'
 }
 },
 realtime_triggers: ['kinesis:CreateStream','kinesis:StartStreamEncryption','kinesis:StopStreamEncryption','kinesis:DeleteStream'],
diff --git a/plugins/aws/kinesis/kinesisDataStreamsEncrypted.spec.js b/plugins/aws/kinesis/kinesisDataStreamsEncrypted.spec.js
index 8ffb787aa1..12edd5e58c 100644
--- a/plugins/aws/kinesis/kinesisDataStreamsEncrypted.spec.js
+++ b/plugins/aws/kinesis/kinesisDataStreamsEncrypted.spec.js
@@ -218,7 +218,7 @@ describe('kinesisDataStreamsEncrypted', function () { it('should FAIL if Kinesis stream not encrypted with desired encryption level', function (done) { const cache = createCache([listStreams[1]], listKeys, [listAliases[1]], describeStream[1], describeKey[1]); - kinesisDataStreamsEncrypted.run(cache, {}, (err, results) => { + kinesisDataStreamsEncrypted.run(cache, {data_streams_desired_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].message).to.include('Kinesis stream is encrypted with awskms'); diff --git a/plugins/aws/kinesisvideo/videostreamDataEncrypted.js b/plugins/aws/kinesisvideo/videostreamDataEncrypted.js index f181178871..a1146e4225 100644 --- a/plugins/aws/kinesisvideo/videostreamDataEncrypted.js +++ b/plugins/aws/kinesisvideo/videostreamDataEncrypted.js @@ -17,7 +17,7 @@ module.exports = { name: 'Kinesis Video Streams Data Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['kinesisvideo:CreateStream', 'kinesisvideo:DeleteStream'], diff --git a/plugins/aws/location/geoCollectionDataEncrypted.js b/plugins/aws/location/geoCollectionDataEncrypted.js index db8755acbf..4eb4c8a68e 100644 --- a/plugins/aws/location/geoCollectionDataEncrypted.js +++ b/plugins/aws/location/geoCollectionDataEncrypted.js 
@@ -17,7 +17,7 @@ module.exports = {
 name: 'Location Geofence Collection Data Target Encryption Level',
 description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
 regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'awscmk'
+ default: 'awskms'
 }
 },
 realtime_triggers: ['location:CreateGeofenceCollection', 'location:DeleteGeofenceCollection'],
diff --git a/plugins/aws/location/trackerDataEncrypted.js b/plugins/aws/location/trackerDataEncrypted.js
index 8a35338ffb..dfd529aebd 100644
--- a/plugins/aws/location/trackerDataEncrypted.js
+++ b/plugins/aws/location/trackerDataEncrypted.js
@@ -17,7 +17,7 @@ module.exports = {
 name: 'Location Tracker Data Desired Encryption Level',
 description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
 regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'awscmk'
+ default: 'awskms'
 }
 },
 realtime_triggers: ['location:CreateTracker', 'location:UpdateTracker', 'location:DeleteTracker'],
diff --git a/plugins/aws/lookout/anomalyDetectorEncrypted.js b/plugins/aws/lookout/anomalyDetectorEncrypted.js
index ca7d8f70f7..054a2fdfe0 100644
--- a/plugins/aws/lookout/anomalyDetectorEncrypted.js
+++ b/plugins/aws/lookout/anomalyDetectorEncrypted.js
@@ -17,7 +17,7 @@ module.exports = { name: 'LookoutMetrics Anomaly Detector Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['lookoutmetrics:CreateAnomalyDetector', 'lookoutmetrics:UpdateAnomalyDetector', 'lookoutmetrics:DeleteAnomalyDetector'], diff --git a/plugins/aws/lookout/anomalyDetectorEncrypted.spec.js b/plugins/aws/lookout/anomalyDetectorEncrypted.spec.js index 5e23fba913..c928fe8438 100644 --- a/plugins/aws/lookout/anomalyDetectorEncrypted.spec.js +++ b/plugins/aws/lookout/anomalyDetectorEncrypted.spec.js @@ -143,7 +143,7 @@ describe('anomalyDetectorEncrypted', function () { it('should FAIL if LookoutMetrics Anomaly Detector is not encrypted with desired encryption level', function (done) { const cache = createCache([listAnomalyDetectors[1]], listKeys, describeAnomalyDetector[1], describeKey[1]); - anomalyDetectorEncrypted.run(cache, {}, (err, results) => { + anomalyDetectorEncrypted.run(cache, {lookoutmetrics_anomalydetectors_desired_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].region).to.equal('us-east-1'); diff --git a/plugins/aws/lookout/equipmentdatasetEncrypted.js b/plugins/aws/lookout/equipmentdatasetEncrypted.js index 6125b8cee3..ba873bed3f 100644 --- a/plugins/aws/lookout/equipmentdatasetEncrypted.js +++ b/plugins/aws/lookout/equipmentdatasetEncrypted.js 
@@ -17,7 +17,7 @@ module.exports = { name: 'Equipement Dataset Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['lookoutequipment:CreateDataset', 'lookoutequipment:DeleteDataset'], diff --git a/plugins/aws/lookout/equipmentdatasetEncrypted.spec.js b/plugins/aws/lookout/equipmentdatasetEncrypted.spec.js index 639a7fdd86..0c4f402180 100644 --- a/plugins/aws/lookout/equipmentdatasetEncrypted.spec.js +++ b/plugins/aws/lookout/equipmentdatasetEncrypted.spec.js @@ -135,7 +135,7 @@ describe('equipmentdatasetEncrypted', function () { it('should FAIL if LookoutEquipment Dataset is not encrypted with desired encryption level', function (done) { const cache = createCache([listDatasets[1]], listKeys, describeDataset[1], describeKey[1]); - equipmentdatasetEncrypted.run(cache, {}, (err, results) => { + equipmentdatasetEncrypted.run(cache, {equipment_dataset_desired_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].region).to.equal('us-east-1'); diff --git a/plugins/aws/lookout/modelDataEncrypted.js b/plugins/aws/lookout/modelDataEncrypted.js index 7f93f1b8a4..d956d2f8e5 100644 --- a/plugins/aws/lookout/modelDataEncrypted.js +++ b/plugins/aws/lookout/modelDataEncrypted.js @@ -17,7 +17,7 @@ module.exports = { name: 'Vision Data Target Encryption Level', description: 'In order (lowest to highest) sse=S3-SSE; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(sse|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['lookoutvision:CreateModel', 'lookoutvision:DeleteModel'], 
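Review bot: The new `default: 'awskms'` in modelDataEncrypted.js is not a value its own `regex` accepts: the pattern on the preceding context line is `^(sse|awscmk|externalcmk|cloudhsm)$`, and the description lists `sse` as the lowest level with no `awskms` entry. If settings are validated against that pattern, the shipped default is a value no user could enter, and it may be rejected or handled differently from the documented levels. Either keep a default from the list, or extend both context lines, e.g. `regex: '^(sse|awskms|awscmk|externalcmk|cloudhsm)$',` plus an `awskms=AWS-managed KMS;` entry in the description. The settings object starts above the hunk, so how the plugin maps the string to a level is not visible here.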
diff --git a/plugins/aws/managedblockchain/networkMemberDataEncrypted.js b/plugins/aws/managedblockchain/networkMemberDataEncrypted.js index 7fbda0255b..56948232e9 100644 --- a/plugins/aws/managedblockchain/networkMemberDataEncrypted.js +++ b/plugins/aws/managedblockchain/networkMemberDataEncrypted.js @@ -17,7 +17,7 @@ module.exports = { name: 'Managed Blockchain Member Target Encryption Level', description: 'In order (lowest to highest) sse=S3-SSE; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk', + default: 'awskms', } }, realtime_triggers: ['managedblockchain:CreateNetwork', 'managedblockchain:DeleteMember'], diff --git a/plugins/aws/managedblockchain/networkMemberDataEncrypted.spec.js b/plugins/aws/managedblockchain/networkMemberDataEncrypted.spec.js index 0d7a26a208..6a6b3898e4 100644 --- a/plugins/aws/managedblockchain/networkMemberDataEncrypted.spec.js +++ b/plugins/aws/managedblockchain/networkMemberDataEncrypted.spec.js @@ -172,7 +172,7 @@ describe('networkMemberDataEncrypted', function () { it('should FAIL if Network member is not using desired encryption level', function (done) { const cache = createCache(listNetworks ,listMembers, getMember[1], listKeys, describeKey[0]); - networkMemberDataEncrypted.run(cache, {}, (err, results) => { + networkMemberDataEncrypted.run(cache, {blockchain_member_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].region).to.equal('us-east-1'); diff --git a/plugins/aws/memorydb/memorydbClusterEncrypted.js b/plugins/aws/memorydb/memorydbClusterEncrypted.js index a2dcd6527b..e242a05642 100644 --- a/plugins/aws/memorydb/memorydbClusterEncrypted.js +++ b/plugins/aws/memorydb/memorydbClusterEncrypted.js 
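Review bot: In networkMemberDataEncrypted.js the description still names `sse=S3-SSE` as the lowest level while the `regex` accepts `awskms` and not `sse`, so the new default `awskms` is a value the help text never explains. Suggest starting the description with `In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; ...` so that the documented levels match the pattern and the default. The settings object begins outside the hunk.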
@@ -17,7 +17,7 @@ module.exports = { name: 'MemoryDB Cluster Target Encryption Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk', + default: 'awskms', } }, realtime_triggers: ['MemoryDB:CreateCluster', 'MemoryDB:DeleteCluster'], diff --git a/plugins/aws/memorydb/memorydbClusterEncrypted.spec.js b/plugins/aws/memorydb/memorydbClusterEncrypted.spec.js index e337d2a4e1..5018652060 100644 --- a/plugins/aws/memorydb/memorydbClusterEncrypted.spec.js +++ b/plugins/aws/memorydb/memorydbClusterEncrypted.spec.js @@ -152,7 +152,7 @@ describe('memorydbClusterEncrypted', function () { it('should FAIL if MemoryDB Cluster for Redis is not encrypted with desired encyption level', function (done) { const cache = createCache([describeClusters[0]], listKeys, describeKey[1]); - memorydbClusterEncrypted.run(cache, {} , (err, results) => { + memorydbClusterEncrypted.run(cache, {memorydb_cluster_target_encryption_level: 'awscmk'} , (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].message).to.include('MemoryDB cluster is encrypted with awskms'); diff --git a/plugins/aws/mq/mqBrokerEncrypted.js b/plugins/aws/mq/mqBrokerEncrypted.js index 19b67ac4b8..2e311a443f 100644 --- a/plugins/aws/mq/mqBrokerEncrypted.js +++ b/plugins/aws/mq/mqBrokerEncrypted.js @@ -16,7 +16,7 @@ module.exports = { name: 'MQ Broker Target Encryption Level', description: 'In order (lowest to highest) sse=AWS-owned CMK awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(sse|awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['mq:CreateBrocker', 'mq:DeleteBrocker'], 
diff --git a/plugins/aws/mq/mqBrokerEncrypted.spec.js b/plugins/aws/mq/mqBrokerEncrypted.spec.js index a02f62e490..7cdf537c8f 100644 --- a/plugins/aws/mq/mqBrokerEncrypted.spec.js +++ b/plugins/aws/mq/mqBrokerEncrypted.spec.js @@ -222,7 +222,7 @@ describe('mqBrokerEncrypted', function () { it('should FAIL if MQ Broker data at-rest is not encrypted with desired encryption level', function (done) { const cache = createCache([listBrokers[1]],listKeys, [describeBroker[0]], describeKey[1]); - mqBrokerEncrypted.run(cache, {}, (err, results) => { + mqBrokerEncrypted.run(cache, {mq_broker_desired_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].region).to.equal('us-east-1'); @@ -232,7 +232,7 @@ describe('mqBrokerEncrypted', function () { it('should FAIL if MQ Broker data at-rest is encrypted with AWS owned key', function (done) { const cache = createCache([listBrokers[2]],listKeys, [describeBroker[2]], describeKey[1]); - mqBrokerEncrypted.run(cache, {}, (err, results) => { + mqBrokerEncrypted.run(cache, {mq_broker_desired_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].region).to.equal('us-east-1'); diff --git a/plugins/aws/msk/mskClusterEncryptionAtRest.js b/plugins/aws/msk/mskClusterEncryptionAtRest.js index 937bd501f5..847fa63fee 100644 --- a/plugins/aws/msk/mskClusterEncryptionAtRest.js +++ b/plugins/aws/msk/mskClusterEncryptionAtRest.js @@ -16,7 +16,7 @@ module.exports = { name: 'MSK Cluster Desired Encryption Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk', + default: 'awskms', } }, realtime_triggers: ['kafka:CreateCluster', 'kafka:DeleteCluster'], 
diff --git a/plugins/aws/msk/mskClusterEncryptionAtRest.spec.js b/plugins/aws/msk/mskClusterEncryptionAtRest.spec.js index d59ef80031..11dc783d18 100644 --- a/plugins/aws/msk/mskClusterEncryptionAtRest.spec.js +++ b/plugins/aws/msk/mskClusterEncryptionAtRest.spec.js @@ -150,7 +150,7 @@ describe('mskClusterEncryptionAtRest', function () { it('should FAIL if MSK Cluster At-Rest is not encrypted with desired encyption level', function (done) { const cache = createCache(listClusters, listKeys, describeKey[1]); - mskClusterEncryptionAtRest.run(cache, {}, (err, results) => { + mskClusterEncryptionAtRest.run(cache, {msk_cluster_desired_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].message).to.include('MSK cluster is encrypted with awskms'); diff --git a/plugins/aws/mwaa/environmentDataEncrypted.js b/plugins/aws/mwaa/environmentDataEncrypted.js index c8c7ac3082..e1ddaadf6d 100644 --- a/plugins/aws/mwaa/environmentDataEncrypted.js +++ b/plugins/aws/mwaa/environmentDataEncrypted.js @@ -17,7 +17,7 @@ module.exports = { name: 'MWAA Environment Data Deisred Encryption Level', description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS', regex: '^(awskms|awscmk|externalcmk|cloudhsm)$', - default: 'awscmk' + default: 'awskms' } }, realtime_triggers: ['mwaa:CreateEnvironment', 'mwaa:DeleteEnvironment'], diff --git a/plugins/aws/openSearchServerless/opensearchCollectionCmkEncrypted.js b/plugins/aws/openSearchServerless/opensearchCollectionCmkEncrypted.js index 5e795789af..94287c22cd 100644 --- a/plugins/aws/openSearchServerless/opensearchCollectionCmkEncrypted.js +++ b/plugins/aws/openSearchServerless/opensearchCollectionCmkEncrypted.js 
@@ -17,7 +17,7 @@ module.exports = {
 name: 'OpenSearch Collection Target Encryption Level',
 description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
 regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'awscmk'
+ default: 'awskms'
 }
 },
 realtime_triggers: ['opensearchserverless:CreateCollection', 'opensearchserverless:DeleteCollection'],
diff --git a/plugins/aws/opensearch/opensearchDomainEncryptionEnabled.js b/plugins/aws/opensearch/opensearchDomainEncryptionEnabled.js
index bebeb61710..05821f3284 100644
--- a/plugins/aws/opensearch/opensearchDomainEncryptionEnabled.js
+++ b/plugins/aws/opensearch/opensearchDomainEncryptionEnabled.js
@@ -16,7 +16,7 @@ module.exports = {
 name: 'OpenSearch Domain Encryption Level',
 description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
 regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'awscmk',
+ default: 'awskms',
 }
 },
 realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
diff --git a/plugins/aws/proton/environmentTemplateEncrypted.js b/plugins/aws/proton/environmentTemplateEncrypted.js
index 0cf5634df5..b1f9cadf41 100644
--- a/plugins/aws/proton/environmentTemplateEncrypted.js
+++ b/plugins/aws/proton/environmentTemplateEncrypted.js
@@ -16,7 +16,7 @@ module.exports = {
 name: 'Environment Template Desired Encryption Level',
 description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
 regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'awscmk'
+ default: 'awskms'
 }
 },
 realtime_triggers: ['proton:CreateEnviromentTemplate', 'proton:DeleteEnviromentTemplate'],
diff --git a/plugins/aws/qldb/ledgerEncrypted.js b/plugins/aws/qldb/ledgerEncrypted.js
index 230c4fa5fd..59e1760706 100644
--- a/plugins/aws/qldb/ledgerEncrypted.js
+++ b/plugins/aws/qldb/ledgerEncrypted.js
@@ -17,7 +17,7 @@ module.exports = {
 name: 'QLDB ledger desired encryption level',
 description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
 regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'awscmk'
+ default: 'awskms'
 }
 },
 realtime_triggers: ['qldb:CreateLedger', 'qldb:UpdateLedger', 'qldb:DeleteLedger'],
diff --git a/plugins/aws/s3/s3Encryption.js b/plugins/aws/s3/s3Encryption.js
index f693811562..6289677708 100644
--- a/plugins/aws/s3/s3Encryption.js
+++ b/plugins/aws/s3/s3Encryption.js
@@ -62,7 +62,7 @@ module.exports = {
 name: 'S3 Minimum Default Encryption Level',
 description: 'In order (low to high) sse=Server-Side Encryption; awskms=AWS KMS; awscmk=Customer KMS; externalcmk=Customer external KMS; cloudhsm=Customer CloudHSM',
 regex: '^(sse|awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'sse',
+ default: 'awskms',
 },
 s3_allow_unencrypted_static_websites: {
 name: 'S3 Allow Unencrypted Static Websites',
diff --git a/plugins/aws/ses/emailMessagesEncrypted.js b/plugins/aws/ses/emailMessagesEncrypted.js
index 58b13560ff..183dfc2193 100644
--- a/plugins/aws/ses/emailMessagesEncrypted.js
+++ b/plugins/aws/ses/emailMessagesEncrypted.js
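Review bot: The s3Encryption.js hunk moves the default from `sse` to `awskms`, which tightens the check, whereas every other default in this diff is relaxed from `awscmk`. If the setting is applied as a minimum level, as its name 'S3 Minimum Default Encryption Level' indicates, buckets whose default encryption is SSE-S3 only would start to be reported for users who rely on the default. If that is intended, say so in the description, e.g. by appending `Default awskms: buckets using only SSE-S3 are reported.`; if the aim was only to align defaults, `default: 'sse',` keeps existing results. The settings object starts above the hunk and continues below it.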
@@ -16,7 +16,7 @@ module.exports = {
 name: 'SES Email Desired Encryption Level',
 description: 'Desired encryption level for email messages to encrypt them before they get saves on S3',
 regex: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
- default: 'awscmk'
+ default: 'awskms'
 }
 },
 realtime_triggers: ['ses:CreateEmailIdentity','ses:SetActiveReceiptRuleSet','ses:DeleteEmailIdentity'],
diff --git a/plugins/aws/sqs/sqsEncryptionEnabled.js b/plugins/aws/sqs/sqsEncryptionEnabled.js
index 40eb3ab4d3..d4957752af 100644
--- a/plugins/aws/sqs/sqsEncryptionEnabled.js
+++ b/plugins/aws/sqs/sqsEncryptionEnabled.js
@@ -18,7 +18,7 @@ module.exports = {
 name: 'SQS Queues Target Encryption Level',
 description: 'In order (lowest to highest) sse=SSE-SQS; awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
 regex: '^(sse|awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'awscmk'
+ default: 'awskms'
 }
 },
 realtime_triggers: ['sqs:CreateQueue', 'sqs:SetQueueAttributes', 'sqs:DeleteQueue'],
diff --git a/plugins/aws/timestreamwrite/timestreamDatabaseEncrypted.js b/plugins/aws/timestreamwrite/timestreamDatabaseEncrypted.js
index c8dbcd8db5..dd6b36ff2d 100644
--- a/plugins/aws/timestreamwrite/timestreamDatabaseEncrypted.js
+++ b/plugins/aws/timestreamwrite/timestreamDatabaseEncrypted.js
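Review bot: The `regex` field of the SES setting holds the level list as prose (`'In order (lowest to highest) awskms=AWS-managed KMS; ...'`) rather than a pattern, and this hunk changes the default next to it without correcting that. If the field is used to validate a supplied value, as the `^(...)$` patterns in the other plugins suggest, none of the level names would match it, including the new default. Suggest `regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',` and moving the level list into `description`. The settings object starts above the hunk.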
@@ -18,7 +18,7 @@ module.exports = {
 name: 'Timestream Database Target Encryption Level',
 description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
 regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'awscmk'
+ default: 'awskms'
 }
 },
 realtime_triggers: ['timestreamwrite:CreateDatabase', 'timestreamwrite:UpdateDatabase', 'timestreamwrite:DeleteDatabase'],
diff --git a/plugins/aws/translate/translateJobOutputEncrypted.js b/plugins/aws/translate/translateJobOutputEncrypted.js
index feba36c78c..e178e77e7d 100644
--- a/plugins/aws/translate/translateJobOutputEncrypted.js
+++ b/plugins/aws/translate/translateJobOutputEncrypted.js
@@ -17,7 +17,7 @@ module.exports = {
 name: 'Translate Job Target Encryption Level',
 description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
 regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
- default: 'awscmk',
+ default: 'awskms',
 }
 },
 realtime_triggers: ['translate:StartTextTranslationJob', 'translate:StopTextTranslationJob'],
diff --git a/plugins/aws/translate/translateJobOutputEncrypted.spec.js b/plugins/aws/translate/translateJobOutputEncrypted.spec.js
index 7b870fb1f1..38eccaca76 100644
--- a/plugins/aws/translate/translateJobOutputEncrypted.spec.js
+++ b/plugins/aws/translate/translateJobOutputEncrypted.spec.js
@@ -126,7 +126,7 @@ describe('translateJobOutputEncrypted', function () { it('should FAIL if Translate job is not encrypted with desired encryption level', function (done) { const cache = createCache([listTextTranslationJobs[1]], listKeys); - translateJobOutputEncrypted.run(cache, {}, (err, results) => { + translateJobOutputEncrypted.run(cache, {translate_job_encryption_level: 'awscmk'}, (err, results) => { expect(results.length).to.equal(1); expect(results[0].status).to.equal(2); expect(results[0].region).to.equal('us-east-1');