added delete tiggers

aquasecurity · Sep 21, 2023 · f81cd8d · f81cd8d
1 parent 80d1449
commit f81cd8d
Show file tree

Hide file tree

Showing 98 changed files with 98 additions and 98 deletions.
diff --git a/plugins/aws/ec2/allowedCustomPorts.js b/plugins/aws/ec2/allowedCustomPorts.js
@@ -18,7 +18,7 @@ module.exports = {
             default: ''
         }
     },
-    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'],
+    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/amiHasTags.js b/plugins/aws/ec2/amiHasTags.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://aws.amazon.com/about-aws/whats-new/2020/12/amazon-machine-images-support-tag-on-create-tag-based-access-control/',
     recommended_action: 'Modify AMI and add tags.',
     apis: ['EC2:describeImages'],
-    realtime_triggers: ['ec2:CreateImage', 'ec2:CreateTags', 'ec2:DeleteTags'],
+    realtime_triggers: ['ec2:CreateImage', 'ec2:CreateTags', 'ec2:DeleteTags', 'ec2:DeregisterImage'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/appTierInstanceIamRole.js b/plugins/aws/ec2/appTierInstanceIamRole.js
@@ -19,7 +19,7 @@ module.exports = {
             default: ''
         },
     },
-    realtime_triggers: ['ec2:RunInstance', 'ec2:AssociateIamInstanceProfile', 'ec2:DisassociateIamInstanceProfile'],
+    realtime_triggers: ['ec2:RunInstances', 'ec2:AssociateIamInstanceProfile', 'ec2:DisassociateIamInstanceProfile', 'ec2:TerminateInstances'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/classicInstances.js b/plugins/aws/ec2/classicInstances.js
@@ -19,7 +19,7 @@ module.exports = {
              'segmentation criteria for PCI. Ensure all instances are launched ' +
              'within a VPC to comply with isolation requirements.'
     },
-    realtime_triggers: ['ec2:RunInstance'],
+    realtime_triggers: ['ec2:RunInstances','ec2:TerminateInstances'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/crossVpcPublicPrivate.js b/plugins/aws/ec2/crossVpcPublicPrivate.js
@@ -16,7 +16,7 @@ module.exports = {
              'communicate across these segmented boundaries. Ensure that public ' +
              'services in one VPC cannot communicate with the private tier of another.'
     },
-    realtime_triggers: ['ec2:CreateVpcPeeringConnection', 'ec2:ModifyVpcPeeringConnectionOptions'],
+    realtime_triggers: ['ec2:CreateVpcPeeringConnection', 'ec2:ModifyVpcPeeringConnectionOptions', 'ec2:DeleteVpcPeeringConnection'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/defaultSecurityGroup.js b/plugins/aws/ec2/defaultSecurityGroup.js
@@ -17,7 +17,7 @@ module.exports = {
              'unintended traffic to cross these isolation boundaries.',
         cis2: '4.3 Ensure the default security group of every VPC restricts all traffic'
     },
-    realtime_triggers: ['ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'],
+    realtime_triggers: ['ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/defaultSecurityGroupInUse.js b/plugins/aws/ec2/defaultSecurityGroupInUse.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#default-security-group',
     recommended_action: 'Modify EC2 instances and change security group.',
     apis: ['EC2:describeInstances'],
-    realtime_triggers: ['ec2:RunInstance', 'ec2:ModifyInstanceAttribute'],
+    realtime_triggers: ['ec2:RunInstances', 'ec2:ModifyInstanceAttribute', 'ec2:TerminateInnstances'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/defaultVpcExists.js b/plugins/aws/ec2/defaultVpcExists.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html',
     recommended_action: 'Move resources from the default VPC to a new VPC created for that application or resource group.',
     apis: ['EC2:describeVpcs', 'STS:getCallerIdentity'],
-    realtime_triggers: ['ec2:CreateVpc', 'ec2:ModifyVpcAttribute'],
+    realtime_triggers: ['ec2:CreateVpc', 'ec2:ModifyVpcAttribute', 'ec2:DeleteVpc'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/defaultVpcInUse.js b/plugins/aws/ec2/defaultVpcInUse.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html',
     recommended_action: 'Move resources from the default VPC to a new VPC created for that application or resource group.',
     apis: ['EC2:describeVpcs', 'EC2:describeInstances', 'ELB:describeLoadBalancers', 'Lambda:listFunctions', 'RDS:describeDBInstances', 'Redshift:describeClusters'],
-    realtime_triggers: ['ec2:CreateVpc', 'ec2:ModifyVpcAttribute', 'ec2:RunInstance','elasticloadbalancing:CreateLoadBalancer','elasticloadbalancing:ModifyLoadBalancerAttributes', 'lambda:CreateFunction','lambda:UpdateFunctionConfiguration', 'rds:CreateDBInstance','rds:ModifyDBInstance','redshift:CreateCluster','redshift:ModifyCluster'],
+    realtime_triggers: ['ec2:CreateVpc', 'ec2:DeleteVpc', 'ec2:ModifyVpcAttribute', 'ec2:RunInstances', 'TerminateInstances','elb:CreateLoadBalancer','elb:ModifyLoadBalancerAttributes','elb:DeleteLoadBalancer', 'lambda:CreateFunction','lambda:UpdateFunctionConfiguration', 'lamda:DeleteFunction','rds:CreateDBInstance','rds:ModifyDBInstance','rds:DeleteDBInstance','redshift:CreateCluster','redshift:ModifyCluster', 'redshift:DeleteCluster'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/ebsBackupEnabled.js b/plugins/aws/ec2/ebsBackupEnabled.js
@@ -18,7 +18,7 @@ module.exports = {
             default: 'true'
         }
     },
-    realtime_triggers: ['ec2:CreateSnapshot', 'ec2:CreateVloume'],
+    realtime_triggers: ['ec2:CreateSnapshot', 'ec2:CreateVloume', 'ec2: DeleteVolume', 'ec2:DeleteSnapshot'],
 
     run: function(cache, settings, callback) {
         let results = [];

diff --git a/plugins/aws/ec2/ebsDefaultEncryptionEnabled.js b/plugins/aws/ec2/ebsDefaultEncryptionEnabled.js
@@ -18,7 +18,7 @@ module.exports = {
             default: 'awskms',
         },
     },
-    realtime_triggers: ['ec2:CreateVolume', 'ec2:EnableEbsEncryptionByDefault', 'ec2:DisableEbsEncryptionByDefault', 'ec2:ModifyEbsDefaultKmsKeyId'],
+    realtime_triggers: ['ec2:CreateVolume', 'ec2:EnableEbsEncryptionByDefault', 'ec2:DisableEbsEncryptionByDefault', 'ec2:ModifyEbsDefaultKmsKeyId', 'ec2:DeleteVolume'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/ebsEncryptionEnabled.js b/plugins/aws/ec2/ebsEncryptionEnabled.js
@@ -58,7 +58,7 @@ module.exports = {
         },
 
     },
-    realtime_triggers: ['ec2:CreateVolume'],
+    realtime_triggers: ['ec2:CreateVolume', 'ec2;DeleteVolume'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/ebsRecentSnapshots.js b/plugins/aws/ec2/ebsRecentSnapshots.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html',
     recommended_action: 'Create a new snapshot for EBS volume weekly.',
     apis: ['EC2:describeSnapshots','STS:getCallerIdentity'],
-    realtime_triggers: ['ec2:CreateSnapshot'],
+    realtime_triggers: ['ec2:CreateSnapshot', 'ec2:DeleteSnapshot'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/ebsSnapshotHasTags.js b/plugins/aws/ec2/ebsSnapshotHasTags.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://aws.amazon.com/blogs/compute/tag-amazon-ebs-snapshots-on-creation-and-implement-stronger-security-policies/',
     recommended_action: 'Modify EBS snapshots and add tags.',
     apis: ['EC2:describeSnapshots'],
-    realtime_triggers: ['ec2:CreateSnapshot', 'ec2:AddTags', 'ec2:DeleteTags'],
+    realtime_triggers: ['ec2:CreateSnapshot', 'ec2:AddTags', 'ec2:DeleteTags','ec2:DeleteSnapshot'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/ebsSnapshotLifecycle.js b/plugins/aws/ec2/ebsSnapshotLifecycle.js
@@ -12,7 +12,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-lifecycle.html',
     apis: ['EC2:describeInstances', 'EC2:describeVolumes', 'DLM:getLifecyclePolicies',
         'DLM:getLifecyclePolicy', 'STS:getCallerIdentity'],
-    realtime_triggers: ['ec2:CreateVolume','dlm:CreateLifecyclePolicy', 'dlm:DeleteLifecyclePolicy', 'dlm:UpdateLifecyclePolicy'],
+    realtime_triggers: ['ec2:CreateVolume','dlm:CreateLifecyclePolicy', 'dlm:DeleteLifecyclePolicy', 'dlm:UpdateLifecyclePolicy','ec2:DeleteVolume'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/ebsSnapshotPublic.js b/plugins/aws/ec2/ebsSnapshotPublic.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html',
     recommended_action: 'Modify the permissions of public snapshots to remove public access.',
     apis: ['EC2:describeSnapshots', 'EC2:describeSnapshotAttribute'],
-    realtime_triggers: ['ec2:CreateSnapshot' , 'ec2:ModifySnapshotAttribute'],
+    realtime_triggers: ['ec2:CreateSnapshot' , 'ec2:ModifySnapshotAttribute', 'ec2:DeleteSnapshot'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/ebsVolumeHasTags.js b/plugins/aws/ec2/ebsVolumeHasTags.js
@@ -10,7 +10,7 @@ module.exports = {
     recommended_action: 'Modify EBS volumes and add tags',
     link: 'https://aws.amazon.com/blogs/aws/new-tag-ec2-instances-ebs-volumes-on-creation/',
     apis: ['EC2:describeVolumes', 'STS:getCallerIdentity'],
-    realtime_triggers: ['ec2:CreateVolume', 'ec2:AddTags', 'ec2:DeleteTags'],
+    realtime_triggers: ['ec2:CreateVolume', 'ec2:AddTags', 'ec2:DeleteTags','ec2:DeleteVolume'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/ec2HasTags.js b/plugins/aws/ec2/ec2HasTags.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html',
     recommended_action: 'Modify EC2 instances and add tags.',
     apis: ['EC2:describeInstances'],
-    realtime_triggers: ['ec2:RunInstance', 'ec2:AddTags', 'ec2:DeleteTags'],
+    realtime_triggers: ['ec2:RunInstances', 'ec2:AddTags', 'ec2:DeleteTags', 'ec2:TerminateInstances'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/ec2MetadataOptions.js b/plugins/aws/ec2/ec2MetadataOptions.js
@@ -11,7 +11,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#configuring-instance-metadata-service',
     recommended_action: 'Update instance metadata options to use IMDSv2',
     apis: ['EC2:describeInstances'],
-    realtime_triggers: ['ec2:RunInstance', 'ec2:ModifyInstanceMetadataOptions'],
+    realtime_triggers: ['ec2:RunInstances', 'ec2:ModifyInstanceMetadataOptions', 'ec2:TerminateInstances'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/enableDetailedMonitoring.js b/plugins/aws/ec2/enableDetailedMonitoring.js
@@ -11,7 +11,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html',
     recommended_action: 'Modify EC2 instance to enable detailed monitoring.',
     apis: ['EC2:describeInstances'],
-    realtime_triggers: ['ec2:RunInstance', 'ec2:MonitorInstances'],
+    realtime_triggers: ['ec2:RunInstances', 'ec2:MonitorInstances', 'ec2:TerminateInstances'],
 
     run: function(cache, settings, callback) {
         const results = [];

diff --git a/plugins/aws/ec2/encryptedAmi.js b/plugins/aws/ec2/encryptedAmi.js
@@ -16,7 +16,7 @@ module.exports = {
                 'allow it to remain compliant with the encryption at-rest ' +
                 'regulatory requirement.'
     },
-    realtime_triggers: ['ec2:CreateImage', 'ec2:CopyImage'],
+    realtime_triggers: ['ec2:CreateImage', 'ec2:CopyImage', 'ec2:DeregisterImage'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/flowLogsEnabled.js b/plugins/aws/ec2/flowLogsEnabled.js
@@ -19,7 +19,7 @@ module.exports = {
              'cardholder data. Enable VPC flow logs to log these network requests.',
         cis2: '2.9 Ensure VPC flow logging is enabled in all VPCs'
     },
-    realtime_triggers: ['ec2:CreateVpc', 'ec2:CreateFlowLogs', 'ec2:DeleteFlowLogs'],
+    realtime_triggers: ['ec2:CreateVpc', 'ec2:CreateFlowLogs', 'ec2:DeleteFlowLogs', 'ec2:DeleteVpc'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/instanceIamRole.js b/plugins/aws/ec2/instanceIamRole.js
@@ -18,7 +18,7 @@ module.exports = {
             default: 10
         }
     },
-    realtime_triggers: ['ec2:RunInstance','ec2:AssociateIamInstanceProfile', 'ec2:DisassociateIamInstanceProfile'],
+    realtime_triggers: ['ec2:RunInstances','ec2:AssociateIamInstanceProfile', 'ec2:DisassociateIamInstanceProfile', 'ec2:TerminateInstances'],
 
     run: function(cache, settings, callback) {
         var config = {

diff --git a/plugins/aws/ec2/instanceKeyBasedLogin.js b/plugins/aws/ec2/instanceKeyBasedLogin.js
@@ -18,7 +18,7 @@ module.exports = {
             default: '10'
         }
     },
-    realtime_triggers: ['ec2:RunInstance', 'ec2:ModifyInstanceAttribute'],
+    realtime_triggers: ['ec2:RunInstances', 'ec2:ModifyInstanceAttribute', 'ec2;TerminateInstances'],
 
     run: function(cache, settings, callback) {
         var config = {

diff --git a/plugins/aws/ec2/instanceLimit.js b/plugins/aws/ec2/instanceLimit.js
@@ -24,7 +24,7 @@ module.exports = {
             default: 75
         }
     },
-    realtime_triggers: ['ec2:RunInstance', 'ec2:TerminateInstance'],
+    realtime_triggers: ['ec2:RunInstances', 'ec2:TerminateInstances'],
 
     run: function(cache, settings, callback) {
         var config = {

diff --git a/plugins/aws/ec2/instanceMaxCount.js b/plugins/aws/ec2/instanceMaxCount.js
@@ -205,7 +205,7 @@ module.exports = {
         },
 
     },
-    realtime_triggers: ['ec2:RunInstance', 'ec2:TerminateInstance'],
+    realtime_triggers: ['ec2:RunInstances', 'ec2:TerminateInstances'],
 
     run: function(cache, settings, callback) {
         var config = {

diff --git a/plugins/aws/ec2/instanceVcpusLimit.js b/plugins/aws/ec2/instanceVcpusLimit.js
@@ -24,7 +24,7 @@ module.exports = {
             default: 75
         }
     },
-    realtime_triggers: ['ec2:RunInstance', 'ec2:TerminateInstance', 'servicequotas:RequestServiceQuotaIncrease'],
+    realtime_triggers: ['ec2:RunInstances', 'ec2:TerminateInstances', 'servicequotas:RequestServiceQuotaIncrease'],
 
     run: function(cache, settings, callback) {
         var config = {

diff --git a/plugins/aws/ec2/internetGatewayInVpc.js b/plugins/aws/ec2/internetGatewayInVpc.js
@@ -11,7 +11,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html',
     recommended_action: 'Ensure Internet Gateways have VPC attached to them.',
     apis: ['EC2:describeInternetGateways', 'STS:getCallerIdentity'],
-    realtime_triggers: ['ec2:CreateInternetGateway', 'ec2:DetachInternetGateway', 'ec2:AttachInternetGateway'],
+    realtime_triggers: ['ec2:CreateInternetGateway', 'ec2:DetachInternetGateway', 'ec2:AttachInternetGateway', 'ec2:DeleteInternatGateway'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/managedNatGateway.js b/plugins/aws/ec2/managedNatGateway.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://aws.amazon.com/blogs/aws/new-managed-nat-network-address-translation-gateway-for-aws/',
     recommended_action: 'Update VPCs to use Managed NAT Gateways instead of NAT instances',
     apis: ['EC2:describeVpcs', 'EC2:describeNatGateways', 'STS:getCallerIdentity'],
-    realtime_triggers: ['ec2:CreateNatGateway', 'ec2:ReplaceRoute','ec2:CreateVpc'],
+    realtime_triggers: ['ec2:CreateNatGateway', 'ec2:ReplaceRoute','ec2:CreateVpc', 'ec2:DeleteNatGateway', 'ec2:DeleteVpc'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/natMultiAz.js b/plugins/aws/ec2/natMultiAz.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html',
     recommended_action: 'Launch managed NAT instances in multiple AZs.',
     apis: ['EC2:describeVpcs', 'EC2:describeNatGateways', 'STS:getCallerIdentity'],
-    realtime_triggers: ['ec2:CreateNatGateway'],
+    realtime_triggers: ['ec2:CreateNatGateway', 'ec2:DeleteNatGateway'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/networkAclHasTags.js b/plugins/aws/ec2/networkAclHasTags.js
@@ -10,7 +10,7 @@ module.exports = {
     recommended_action: 'Modify Network ACL and add tags.',
     link: 'https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html',
     apis: ['EC2:describeNetworkAcls', 'STS:getCallerIdentity'],
-    realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:AddTags', 'ec2:DeleteTags'],
+    realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:AddTags', 'ec2:DeleteTags', 'ec2:DeleteNetworkAcl'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/networkAclInboundTraffic.js b/plugins/aws/ec2/networkAclInboundTraffic.js
@@ -13,7 +13,7 @@ module.exports = {
     compliance: {
         cis1: '5.1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports',
     },
-    realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:ReplaceNetworkAclEntry'],
+    realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:ReplaceNetworkAclEntry', 'ec2:DeleteNetworkAcl'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/networkAclOutboundTraffic.js b/plugins/aws/ec2/networkAclOutboundTraffic.js
@@ -10,7 +10,7 @@ module.exports = {
     recommended_action: 'Update Network ACL to allow outbound/egress traffic to specific port ranges only',
     link: 'https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html',
     apis: ['EC2:describeNetworkAcls', 'STS:getCallerIdentity'],
-    realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:ReplaceNetworkAclEntry'],
+    realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:ReplaceNetworkAclEntry', 'ec2:DeleteNetworkAcl'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/ec2/openAllPortsProtocols.js b/plugins/aws/ec2/openAllPortsProtocols.js
@@ -27,7 +27,7 @@ module.exports = {
              'Security groups should be properly secured to prevent access to ' +
              'backend services.'
     },
-    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'],
+    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'],
 
     run: function(cache, settings, callback) {
         var config = {

diff --git a/plugins/aws/ec2/openAllPortsProtocolsEgress.js b/plugins/aws/ec2/openAllPortsProtocolsEgress.js
@@ -18,7 +18,7 @@ module.exports = {
             default: 'false',
         }
     },
-    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'],
+    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'],
 
     run: function(cache, settings, callback) {
         var config = {

diff --git a/plugins/aws/ec2/openCIFS.js b/plugins/aws/ec2/openCIFS.js
@@ -43,7 +43,7 @@ module.exports = {
         remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'],
         rollback:['ec2:AuthorizeSecurityGroupIngress']
     },
-    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'],
+    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'],
 
     run: function(cache, settings, callback) {
         var config = {

diff --git a/plugins/aws/ec2/openCassandraClient.js b/plugins/aws/ec2/openCassandraClient.js
@@ -43,7 +43,7 @@ module.exports = {
         remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'],
         rollback:['ec2:AuthorizeSecurityGroupIngress']
     },
-    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'],
+    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'],
 
     run: function(cache, settings, callback) {
         var config = {

diff --git a/plugins/aws/ec2/openCassandraInternode.js b/plugins/aws/ec2/openCassandraInternode.js
@@ -43,7 +43,7 @@ module.exports = {
         remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'],
         rollback:['ec2:AuthorizeSecurityGroupIngress']
     },
-    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'],
+    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'],
 
     run: function(cache, settings, callback) {
         var config = {

diff --git a/plugins/aws/ec2/openCassandraMonitoring.js b/plugins/aws/ec2/openCassandraMonitoring.js
@@ -43,7 +43,7 @@ module.exports = {
         remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'],
         rollback:['ec2:AuthorizeSecurityGroupIngress']
     },
-    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'],
+    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress','ec2:DeleteSecurityGroup'],
 
     run: function(cache, settings, callback) {
         var config = {

diff --git a/plugins/aws/ec2/openCassandraThrift.js b/plugins/aws/ec2/openCassandraThrift.js
@@ -43,7 +43,7 @@ module.exports = {
         remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'],
         rollback:['ec2:AuthorizeSecurityGroupIngress']
     },
-    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'],
+    realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress','ec2:DeleteSecurityGroup'],
 
     run: function(cache, settings, callback) {
         var config = {