fix: show integration test results #236

Merged
merged 1 commit into from
Sep 24, 2024

RanbirAulakh
Collaborator

@RanbirAulakh RanbirAulakh commented Sep 13, 2024

Issue #, if available: n/a

Notes

  • There's no way to view what is happening behind the scenes of the integration tests. It does not fully show the errors if they occurred.

Testing

Before you submit a pull request, please make sure you have the following:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Contributor

github-actions bot commented Sep 13, 2024

Please review the existing CDK-Nag Violations for 4a08e60ba311a17de0e503bfeea8fa15ff0a6869

There are 92 AwsSolutions Violation(s)
Rule ID Resource ID Compliance Exception Reason Rule Level Rule Info
AwsSolutions-IAM4 OSML-DataCatalog/DCDataplane/DCLambdaRole/DCLambdaRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM4 OSML-DataCatalog/DCDataplane/DCLambdaRole/DCLambdaRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM5 OSML-DataCatalog/DCDataplane/DCLambdaRole/DCLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-DataCatalog/DCDataplane/DCLambdaRole/DCLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-OS3 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not only grant access via allowlisted IP addresses.
AwsSolutions-OS4 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not use dedicated master nodes.
AwsSolutions-OS5 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain allows for unsigned requests or anonymous access.
AwsSolutions-OS9 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not minimally publish SEARCH_SLOW_LOGS and INDEX_SLOW_LOGS to CloudWatch Logs.
AwsSolutions-OS9 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not minimally publish SEARCH_SLOW_LOGS and INDEX_SLOW_LOGS to CloudWatch Logs.
AwsSolutions-IAM4 OSML-DataCatalog/AWS679f53fac002430cb0da5b7982bd2287/ServiceRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-SNS2 OSML-DataIntake/DIDataplane/DIInputTopic/Resource Non-Compliant N/A Error The SNS Topic does not have server-side encryption enabled.
AwsSolutions-SNS3 OSML-DataIntake/DIDataplane/DIInputTopic/Resource Non-Compliant N/A Error The SNS Topic does not require publishers to use SSL.
AwsSolutions-SNS2 OSML-DataIntake/DIDataplane/DIOutputTopic/Resource Non-Compliant N/A Error The SNS Topic does not have server-side encryption enabled.
AwsSolutions-SNS3 OSML-DataIntake/DIDataplane/DIOutputTopic/Resource Non-Compliant N/A Error The SNS Topic does not require publishers to use SSL.
AwsSolutions-IAM4 OSML-DataIntake/DIDataplane/DILambdaRole/DILambdaRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM4 OSML-DataIntake/DIDataplane/DILambdaRole/DILambdaRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM5 OSML-DataIntake/DIDataplane/DILambdaRole/DILambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-DataIntake/DIDataplane/DILambdaRole/DILambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-S1 OSML-DataIntake/DIDataplane/DIInputBucket/DIInputBucket/Resource Non-Compliant N/A Error The S3 Bucket has server access logs disabled.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSExecutionRole/MRExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSExecutionRole/MRExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSExecutionRole/MRExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRImageStatusQueue/MRImageStatusQueueDLQ/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRImageStatusQueue/MRImageStatusQueue/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRImageRequestQueue/MRImageRequestQueueDLQ/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRImageRequestQueue/MRImageRequestQueue/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRRegionRequestQueue/MRRegionRequestQueueDLQ/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRRegionRequestQueue/MRRegionRequestQueue/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-ECS4 OSML-ModelRunner/MRDataplane/MRCluster/Resource Non-Compliant N/A Error The ECS Cluster has CloudWatch Container Insights disabled.
AwsSolutions-ECS2 OSML-ModelRunner/MRDataplane/MRTaskDefinition/Resource Non-Compliant N/A Error The ECS Task Definition includes a container definition that directly specifies environment variables.
AwsSolutions-S1 OSML-ModelRunner/MRDataplane/MRSinkBucket/MRSinkBucket/Resource Non-Compliant N/A Error The S3 Bucket has server access logs disabled.
AwsSolutions-IAM5 OSML-Roles/MESMRole/MESageMakerExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Roles/MESMRole/MESageMakerExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Roles/MESMRole/MESageMakerExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Roles/MESMRole/MESageMakerExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-S1 OSML-Test-Imagery/OSMLTestImagery/OSMLTestImageBucket/OSMLTestImageBucket/Resource Non-Compliant N/A Error The S3 Bucket has server access logs disabled.
AwsSolutions-IAM4 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM4 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-L1 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/Resource Non-Compliant N/A Error The non-container Lambda function is not configured to use the latest runtime version.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-ECS4 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPModelCluster/Resource Non-Compliant N/A Error The ECS Cluster has CloudWatch Container Insights disabled.
AwsSolutions-ECS2 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointFargateTaskDefinition/Resource Non-Compliant N/A Error The ECS Task Definition includes a container definition that directly specifies environment variables.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointFargateTaskDefinition/ExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-ELB2 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/Resource Non-Compliant N/A Error The ELB does not have access logs enabled.
AwsSolutions-EC23 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/SecurityGroup/Resource Non-Compliant N/A Error The Security Group allows for 0.0.0.0/0 or ::/0 inbound access.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSLambdaRole/TSLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSLambdaRole/TSLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSLambdaRole/TSLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSLambdaRole/TSLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-SQS4 OSML-TileServer/TSDataplane/TSJobQueue/TSJobQueueDLQ/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-TileServer/TSDataplane/TSJobQueue/TSJobQueue/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-ECS4 OSML-TileServer/TSDataplane/TSCluster/Resource Non-Compliant N/A Error The ECS Cluster has CloudWatch Container Insights disabled.
AwsSolutions-ECS2 OSML-TileServer/TSDataplane/TSTaskDefinition/Resource Non-Compliant N/A Error The ECS Task Definition includes a container definition that directly specifies environment variables.
AwsSolutions-ELB2 OSML-TileServer/TSDataplane/TSService/LB/Resource Non-Compliant N/A Error The ELB does not have access logs enabled.
AwsSolutions-EC23 OSML-TileServer/TSDataplane/TSService/LB/SecurityGroup/Resource Non-Compliant N/A Error The Security Group allows for 0.0.0.0/0 or ::/0 inbound access.
AwsSolutions-VPC7 OSML-Vpc/OSMLVpc/OSMLVPC/Resource Non-Compliant N/A Error The VPC does not have an associated Flow Log.

There are 63 NIST.800.53.R5 Violation(s)
Rule ID Resource ID Compliance Exception Reason Rule Level Rule Info
NIST.800.53.R5-OpenSearchErrorLogsToCloudWatch OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not stream error logs (ES_APPLICATION_LOGS) to CloudWatch Logs - (Control ID: AU-10).
NIST.800.53.R5-IAMNoInlinePolicy OSML-DataCatalog/DCDataplane/DCOSDomain/AccessPolicy/CustomResourcePolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-LambdaConcurrency OSML-DataCatalog/DCDataplane/DCStacFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-DataCatalog/DCDataplane/DCStacFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-LambdaConcurrency OSML-DataCatalog/DCDataplane/DCIngestFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-DataCatalog/DCDataplane/DCIngestFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-LambdaConcurrency OSML-DataCatalog/AWS679f53fac002430cb0da5b7982bd2287/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-DataCatalog/AWS679f53fac002430cb0da5b7982bd2287/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-LambdaInsideVPC OSML-DataCatalog/AWS679f53fac002430cb0da5b7982bd2287/Resource Non-Compliant N/A Error The Lambda function is not VPC enabled - (Control IDs: AC-2(6), AC-3, AC-3(7), AC-4(21), AC-6, AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), MP-2, SC-7a, SC-7b, SC-7c, SC-7(2), SC-7(3), SC-7(9)(a), SC-7(11), SC-7(12), SC-7(16), SC-7(20), SC-7(21), SC-7(24)(b), SC-25).
NIST.800.53.R5-SNSEncryptedKMS OSML-DataIntake/DIDataplane/DIInputTopic/Resource Non-Compliant N/A Error The SNS topic does not have KMS encryption enabled - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1)).
NIST.800.53.R5-SNSEncryptedKMS OSML-DataIntake/DIDataplane/DIOutputTopic/Resource Non-Compliant N/A Error The SNS topic does not have KMS encryption enabled - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1)).
NIST.800.53.R5-S3BucketLoggingEnabled OSML-DataIntake/DIDataplane/DIInputBucket/DIInputBucket/Resource Non-Compliant N/A Error The S3 Buckets does not have server access logs enabled - (Control IDs: AC-2(4), AC-3(1), AC-3(10), AC-4(26), AC-6(9), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), CM-6a, CM-9b, IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-1(1)(c), SI-3(8)(b), SI-4(2), SI-4(17), SI-4(20), SI-7(8), SI-10(1)(c)).
NIST.800.53.R5-S3BucketReplicationEnabled OSML-DataIntake/DIDataplane/DIInputBucket/DIInputBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have replication enabled - (Control IDs: AU-9(2), CM-6a, CM-9b, CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-S3BucketVersioningEnabled OSML-DataIntake/DIDataplane/DIInputBucket/DIInputBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have versioning enabled - (Control IDs: AU-9(2), CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), PM-11b, PM-17b, SC-5(2), SC-16(1), SI-1a.2, SI-1a.2, SI-1c.2, SI-13(5)).
NIST.800.53.R5-LambdaConcurrency OSML-DataIntake/DIDataplane/DataIntakeFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-DataIntake/DIDataplane/DataIntakeFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-IAMNoInlinePolicy OSML-ModelRunner/MRDataplane/MRECSExecutionRole/MRExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MRJobStatusTable/MRJobStatusTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MRFeaturesTable/MRFeaturesTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MREndpointProcessingTable/MREndpointProcessingTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MRRegionRequestTable/MRRegionRequestTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-CloudWatchLogGroupEncrypted OSML-ModelRunner/MRDataplane/MRServiceLogGroup/Resource Non-Compliant N/A Error The CloudWatch Log Group is not encrypted with an AWS KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-S3BucketLoggingEnabled OSML-ModelRunner/MRDataplane/MRSinkBucket/MRSinkBucket/Resource Non-Compliant N/A Error The S3 Buckets does not have server access logs enabled - (Control IDs: AC-2(4), AC-3(1), AC-3(10), AC-4(26), AC-6(9), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), CM-6a, CM-9b, IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-1(1)(c), SI-3(8)(b), SI-4(2), SI-4(17), SI-4(20), SI-7(8), SI-10(1)(c)).
NIST.800.53.R5-S3BucketReplicationEnabled OSML-ModelRunner/MRDataplane/MRSinkBucket/MRSinkBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have replication enabled - (Control IDs: AU-9(2), CM-6a, CM-9b, CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-S3BucketVersioningEnabled OSML-ModelRunner/MRDataplane/MRSinkBucket/MRSinkBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have versioning enabled - (Control IDs: AU-9(2), CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), PM-11b, PM-17b, SC-5(2), SC-16(1), SI-1a.2, SI-1a.2, SI-1c.2, SI-13(5)).
NIST.800.53.R5-S3BucketLoggingEnabled OSML-Test-Imagery/OSMLTestImagery/OSMLTestImageBucket/OSMLTestImageBucket/Resource Non-Compliant N/A Error The S3 Buckets does not have server access logs enabled - (Control IDs: AC-2(4), AC-3(1), AC-3(10), AC-4(26), AC-6(9), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), CM-6a, CM-9b, IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-1(1)(c), SI-3(8)(b), SI-4(2), SI-4(17), SI-4(20), SI-7(8), SI-10(1)(c)).
NIST.800.53.R5-S3BucketReplicationEnabled OSML-Test-Imagery/OSMLTestImagery/OSMLTestImageBucket/OSMLTestImageBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have replication enabled - (Control IDs: AU-9(2), CM-6a, CM-9b, CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-S3BucketVersioningEnabled OSML-Test-Imagery/OSMLTestImagery/OSMLTestImageBucket/OSMLTestImageBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have versioning enabled - (Control IDs: AU-9(2), CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), PM-11b, PM-17b, SC-5(2), SC-16(1), SI-1a.2, SI-1a.2, SI-1c.2, SI-13(5)).
NIST.800.53.R5-EFSInBackupPlan OSML-Test-Imagery/OSMLTestImagery/BucketDeploymentEFS-VPC-c8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/Resource Non-Compliant N/A Error The EFS is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-IAMNoInlinePolicy OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-LambdaConcurrency OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-CloudWatchLogGroupEncrypted OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointServiceLogGroup/Resource Non-Compliant N/A Error The CloudWatch Log Group is not encrypted with an AWS KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-IAMNoInlinePolicy OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointFargateTaskDefinition/ExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-ALBWAFEnabled OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/Resource Non-Compliant N/A Error The ALB is not associated with AWS WAFv2 web ACL - (Control ID: AC-4(21)).
NIST.800.53.R5-ELBDeletionProtectionEnabled OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/Resource Non-Compliant N/A Error The ALB, NLB, or GLB does not have deletion protection enabled - (Control IDs: CA-7(4)(c), CM-2a, CM-2(2), CM-3a, CM-8(6), CP-1a.1(b), CP-1a.2, CP-2a, CP-2a.6, CP-2a.7, CP-2d, CP-2e, CP-2(5), SA-15a.4, SC-5(2), SC-22).
NIST.800.53.R5-ELBLoggingEnabled OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/Resource Non-Compliant N/A Error The ELB does not have logging enabled - (Control IDs: AC-4(26), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-4(17), SI-7(8)).
NIST.800.53.R5-ALBHttpToHttpsRedirection OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/PublicListener/Resource Non-Compliant N/A Error The ALB's HTTP listeners are not configured to redirect to HTTPS - (Control IDs: AC-4, AC-4(22), AC-17(2), AC-24(1), AU-9(3), CA-9b, IA-5(1)(c), PM-17b, SC-7(4)(b), SC-7(4)(g), SC-8, SC-8(1), SC-8(2), SC-8(3), SC-8(4), SC-8(5), SC-13a, SC-23, SI-1a.2, SI-1a.2, SI-1c.2).
NIST.800.53.R5-ELBv2ACMCertificateRequired OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/PublicListener/Resource Non-Compliant N/A Error The ALB, NLB, or GLB listener does not utilize an SSL certificate provided by ACM (Amazon Certificate Manager) - (Control IDs: SC-8(1), SC-23(5)).
NIST.800.53.R5-SageMakerEndpointConfigurationKMSKeyConfigured OSML-Test-ModelEndpoints/MREndpoints/OSMLCenterPointModelEndpoint/OSMLCenterPointModelEndpoint-EndpointConfig Non-Compliant N/A Error The SageMaker resource endpoint is not encrypted with a KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-SageMakerEndpointConfigurationKMSKeyConfigured OSML-Test-ModelEndpoints/MREndpoints/OSMLFloodModelEndpoint/OSMLFloodModelEndpoint-EndpointConfig Non-Compliant N/A Error The SageMaker resource endpoint is not encrypted with a KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-SageMakerEndpointConfigurationKMSKeyConfigured OSML-Test-ModelEndpoints/MREndpoints/OSMLAircraftModelEndpoint/OSMLAircraftModelEndpoint-EndpointConfig Non-Compliant N/A Error The SageMaker resource endpoint is not encrypted with a KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-IAMNoInlinePolicy OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-IAMNoInlinePolicy OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-TileServer/TSDataplane/TSJobTable/TSJobTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-CloudWatchLogGroupEncrypted OSML-TileServer/TSDataplane/TSServiceLogGroup/Resource Non-Compliant N/A Error The CloudWatch Log Group is not encrypted with an AWS KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-EFSInBackupPlan OSML-TileServer/TSDataplane/TSEfsFileSystem/Resource Non-Compliant N/A Error The EFS is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-ALBWAFEnabled OSML-TileServer/TSDataplane/TSService/LB/Resource Non-Compliant N/A Error The ALB is not associated with AWS WAFv2 web ACL - (Control ID: AC-4(21)).
NIST.800.53.R5-ELBDeletionProtectionEnabled OSML-TileServer/TSDataplane/TSService/LB/Resource Non-Compliant N/A Error The ALB, NLB, or GLB does not have deletion protection enabled - (Control IDs: CA-7(4)(c), CM-2a, CM-2(2), CM-3a, CM-8(6), CP-1a.1(b), CP-1a.2, CP-2a, CP-2a.6, CP-2a.7, CP-2d, CP-2e, CP-2(5), SA-15a.4, SC-5(2), SC-22).
NIST.800.53.R5-ELBLoggingEnabled OSML-TileServer/TSDataplane/TSService/LB/Resource Non-Compliant N/A Error The ELB does not have logging enabled - (Control IDs: AC-4(26), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-4(17), SI-7(8)).
NIST.800.53.R5-ALBHttpToHttpsRedirection OSML-TileServer/TSDataplane/TSService/LB/PublicListener/Resource Non-Compliant N/A Error The ALB's HTTP listeners are not configured to redirect to HTTPS - (Control IDs: AC-4, AC-4(22), AC-17(2), AC-24(1), AU-9(3), CA-9b, IA-5(1)(c), PM-17b, SC-7(4)(b), SC-7(4)(g), SC-8, SC-8(1), SC-8(2), SC-8(3), SC-8(4), SC-8(5), SC-13a, SC-23, SI-1a.2, SI-1a.2, SI-1c.2).
NIST.800.53.R5-ELBv2ACMCertificateRequired OSML-TileServer/TSDataplane/TSService/LB/PublicListener/Resource Non-Compliant N/A Error The ALB, NLB, or GLB listener does not utilize an SSL certificate provided by ACM (Amazon Certificate Manager) - (Control IDs: SC-8(1), SC-23(5)).
NIST.800.53.R5-LambdaConcurrency OSML-TileServer/TSDataplane/TSTestRunner/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-TileServer/TSDataplane/TSTestRunner/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-VPCDefaultSecurityGroupClosed OSML-Vpc/OSMLVpc/OSMLVPC/Resource Non-Compliant N/A Warning The VPC's default security group allows inbound or outbound traffic - (Control IDs: AC-4(21), AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), CM-6a, CM-9b, SC-7a, SC-7c, SC-7(5), SC-7(7), SC-7(11), SC-7(12), SC-7(16), SC-7(21), SC-7(24)(b), SC-7(25), SC-7(26), SC-7(27), SC-7(28)).
NIST.800.53.R5-VPCFlowLogsEnabled OSML-Vpc/OSMLVpc/OSMLVPC/Resource Non-Compliant N/A Error The VPC does not have an associated Flow Log - (Control IDs: AC-4(26), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), CM-6a, CM-9b, IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SI-4(17), SI-7(8)).
NIST.800.53.R5-VPCSubnetAutoAssignPublicIpDisabled OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet1/Subnet Non-Compliant N/A Error The subnet auto-assigns public IP addresses - (Control IDs: AC-2(6), AC-3, AC-3(7), AC-4(21), AC-6, AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), MP-2, SC-7a, SC-7b, SC-7c, SC-7(2), SC-7(3), SC-7(7), SC-7(9)(a), SC-7(11), SC-7(12), SC-7(16), SC-7(20), SC-7(21), SC-7(24)(b), SC-7(25), SC-7(26), SC-7(27), SC-7(28), SC-25).
NIST.800.53.R5-VPCNoUnrestrictedRouteToIGW OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet1/DefaultRoute Non-Compliant N/A Error The route table may contain one or more unrestricted route(s) to an IGW ('0.0.0.0/0' or '::/0') - (Control IDs: AC-4(21), CM-7b).
NIST.800.53.R5-VPCSubnetAutoAssignPublicIpDisabled OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet2/Subnet Non-Compliant N/A Error The subnet auto-assigns public IP addresses - (Control IDs: AC-2(6), AC-3, AC-3(7), AC-4(21), AC-6, AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), MP-2, SC-7a, SC-7b, SC-7c, SC-7(2), SC-7(3), SC-7(7), SC-7(9)(a), SC-7(11), SC-7(12), SC-7(16), SC-7(20), SC-7(21), SC-7(24)(b), SC-7(25), SC-7(26), SC-7(27), SC-7(28), SC-25).
NIST.800.53.R5-VPCNoUnrestrictedRouteToIGW OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet2/DefaultRoute Non-Compliant N/A Error The route table may contain one or more unrestricted route(s) to an IGW ('0.0.0.0/0' or '::/0') - (Control IDs: AC-4(21), CM-7b).
NIST.800.53.R5-VPCSubnetAutoAssignPublicIpDisabled OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet3/Subnet Non-Compliant N/A Error The subnet auto-assigns public IP addresses - (Control IDs: AC-2(6), AC-3, AC-3(7), AC-4(21), AC-6, AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), MP-2, SC-7a, SC-7b, SC-7c, SC-7(2), SC-7(3), SC-7(7), SC-7(9)(a), SC-7(11), SC-7(12), SC-7(16), SC-7(20), SC-7(21), SC-7(24)(b), SC-7(25), SC-7(26), SC-7(27), SC-7(28), SC-25).
NIST.800.53.R5-VPCNoUnrestrictedRouteToIGW OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet3/DefaultRoute Non-Compliant N/A Error The route table may contain one or more unrestricted route(s) to an IGW ('0.0.0.0/0' or '::/0') - (Control IDs: AC-4(21), CM-7b).

@RanbirAulakh RanbirAulakh force-pushed the RanbirAulakh-patch-1 branch 3 times, most recently from 7b533d6 to d119a61 Compare September 23, 2024 18:28
Collaborator

@drduhe drduhe left a comment

LGTM

@RanbirAulakh RanbirAulakh merged commit acc627b into dev Sep 24, 2024
6 checks passed
@RanbirAulakh RanbirAulakh deleted the RanbirAulakh-patch-1 branch September 24, 2024 18:17