From 12e87173dd5b9eb266277d4d98af3c6b566925f1 Mon Sep 17 00:00:00 2001
From: EC2 Default User
Date: Sat, 10 Aug 2024 06:11:38 +0000
Subject: [PATCH] Remove DocDB checks & a duplicate deletion protection check
---
 bp-base.json | 25 -------------------------
 services/__init__.py | 1 -
 services/docdb.py | 29 -----------------------------
 services/rds.py | 18 ------------------
 4 files changed, 73 deletions(-)
 delete mode 100644 services/docdb.py
diff --git a/bp-base.json b/bp-base.json
index 43a5dfa..220a97b 100644
--- a/bp-base.json
+++ b/bp-base.json
@@ -100,10 +100,6 @@
 "enabled": true,
 "level": 2
 },
- "rds-instance-deletion-protection-enabled": {
- "enabled": true,
- "level": 1
- },
 "rds-instance-public-access-check": {
 "enabled": true,
 "level": 2
@@ -240,27 +236,6 @@
 }
 }
 },
- "DocDB": {
- "enabled": true,
- "rules": {
- "docdb-cluster-audit-logging-enabled": {
- "enabled": true,
- "level": 2
- },
- "docdb-cluster-backup-retention-check": {
- "enabled": true,
- "level": 2
- },
- "docdb-cluster-deletion-protection-enabled": {
- "enabled": true,
- "level": 1
- },
- "docdb-cluster-encrypted": {
- "enabled": true,
- "level": 2
- }
- }
- },
 "DynamoDB": {
 "enabled": true,
 "rules": {
diff --git a/services/__init__.py b/services/__init__.py
index 8d2903d..f92e3d9 100644
--- a/services/__init__.py
+++ b/services/__init__.py
@@ -8,7 +8,6 @@ from . import (
 kms,
 codeseries,
 cloudwatch,
- docdb,
 dynamodb,
 ecr,
 ecs,
diff --git a/services/docdb.py b/services/docdb.py
deleted file mode 100644
index c9c163b..0000000
--- a/services/docdb.py
+++ /dev/null
@@ -1,29 +0,0 @@
-from models import RuleCheckResult
-import boto3
-
-
-# client = boto3.client("")
-
-
-def docdb_cluster_audit_logging_enabled():
- return RuleCheckResult(
- passed=False, compliant_resources=[], non_compliant_resources=[]
- )
-
-
-def docdb_cluster_backup_retention_check():
- return RuleCheckResult(
- passed=False, compliant_resources=[], non_compliant_resources=[]
- )
-
-
-def docdb_cluster_deletion_protection_enabled():
- return RuleCheckResult(
- passed=False, compliant_resources=[], non_compliant_resources=[]
- )
-
-
-def docdb_cluster_encrypted():
- return RuleCheckResult(
- passed=False, compliant_resources=[], non_compliant_resources=[]
- )
diff --git a/services/rds.py b/services/rds.py
index dfb1b25..f6af868 100644
--- a/services/rds.py
+++ b/services/rds.py
@@ -217,24 +217,6 @@ def rds_enhanced_monitoring_enabled():
 )


-def rds_instance_deletion_protection_enabled():
- compliant_resources = []
- non_compliant_resources = []
- instances = client.describe_db_instances()["DBInstances"]
-
- for instance in instances:
- if instance.get("DeletionProtection", False) != False:
- compliant_resources.append(instance["DBInstanceArn"])
- else:
- non_compliant_resources.append(instance["DBInstanceArn"])
-
- return RuleCheckResult(
- passed=not non_compliant_resources,
- compliant_resources=compliant_resources,
- non_compliant_resources=non_compliant_resources,
- )
-
-
 def rds_instance_public_access_check():
 compliant_resources = []
 non_compliant_resources = []