diff --git a/plugins/aws/ec2/allowedCustomPorts.js b/plugins/aws/ec2/allowedCustomPorts.js index ca1ceefe10..18b6c90328 100644 --- a/plugins/aws/ec2/allowedCustomPorts.js +++ b/plugins/aws/ec2/allowedCustomPorts.js @@ -18,7 +18,7 @@ module.exports = { default: '' } }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/amiHasTags.js b/plugins/aws/ec2/amiHasTags.js index 48e97c5743..099b5a53b4 100644 --- a/plugins/aws/ec2/amiHasTags.js +++ b/plugins/aws/ec2/amiHasTags.js @@ -10,7 +10,7 @@ module.exports = { link: 'https://aws.amazon.com/about-aws/whats-new/2020/12/amazon-machine-images-support-tag-on-create-tag-based-access-control/', recommended_action: 'Modify AMI and add tags.', apis: ['EC2:describeImages'], - realtime_triggers: ['ec2:CreateImage', 'ec2:CreateTags', 'ec2:DeleteTags'], + realtime_triggers: ['ec2:CreateImage', 'ec2:CreateTags', 'ec2:DeleteTags', 'ec2:DeregisterImage'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/appTierInstanceIamRole.js b/plugins/aws/ec2/appTierInstanceIamRole.js index ddc9783c74..d53a3c2c6e 100644 --- a/plugins/aws/ec2/appTierInstanceIamRole.js +++ b/plugins/aws/ec2/appTierInstanceIamRole.js @@ -19,7 +19,7 @@ module.exports = { default: '' }, }, - realtime_triggers: ['ec2:RunInstance', 'ec2:AssociateIamInstanceProfile', 'ec2:DisassociateIamInstanceProfile'], + realtime_triggers: ['ec2:RunInstances', 'ec2:AssociateIamInstanceProfile', 'ec2:DisassociateIamInstanceProfile', 'ec2:TerminateInstances'], run: function(cache, settings, callback) { var results = []; 
diff --git a/plugins/aws/ec2/classicInstances.js b/plugins/aws/ec2/classicInstances.js index c9743ddf64..a6f0ae8946 100644 --- a/plugins/aws/ec2/classicInstances.js +++ b/plugins/aws/ec2/classicInstances.js @@ -19,7 +19,7 @@ module.exports = { 'segmentation criteria for PCI. Ensure all instances are launched ' + 'within a VPC to comply with isolation requirements.' }, - realtime_triggers: ['ec2:RunInstance'], + realtime_triggers: ['ec2:RunInstances','ec2:TerminateInstances'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/crossVpcPublicPrivate.js b/plugins/aws/ec2/crossVpcPublicPrivate.js index 22404af170..823299f687 100644 --- a/plugins/aws/ec2/crossVpcPublicPrivate.js +++ b/plugins/aws/ec2/crossVpcPublicPrivate.js @@ -16,7 +16,7 @@ module.exports = { 'communicate across these segmented boundaries. Ensure that public ' + 'services in one VPC cannot communicate with the private tier of another.' }, - realtime_triggers: ['ec2:CreateVpcPeeringConnection', 'ec2:ModifyVpcPeeringConnectionOptions'], + realtime_triggers: ['ec2:CreateVpcPeeringConnection', 'ec2:ModifyVpcPeeringConnectionOptions', 'ec2:DeleteVpcPeeringConnection'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/defaultSecurityGroup.js b/plugins/aws/ec2/defaultSecurityGroup.js index afb26825e7..314dc28782 100644 --- a/plugins/aws/ec2/defaultSecurityGroup.js +++ b/plugins/aws/ec2/defaultSecurityGroup.js @@ -17,7 +17,7 @@ module.exports = { 'unintended traffic to cross these isolation boundaries.', cis2: '4.3 Ensure the default security group of every VPC restricts all traffic' }, - realtime_triggers: ['ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var results = []; 
diff --git a/plugins/aws/ec2/defaultSecurityGroupInUse.js b/plugins/aws/ec2/defaultSecurityGroupInUse.js index a06db51908..f984506ab7 100644 --- a/plugins/aws/ec2/defaultSecurityGroupInUse.js +++ b/plugins/aws/ec2/defaultSecurityGroupInUse.js @@ -10,7 +10,7 @@ module.exports = { link: 'http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#default-security-group', recommended_action: 'Modify EC2 instances and change security group.', apis: ['EC2:describeInstances'], - realtime_triggers: ['ec2:RunInstance', 'ec2:ModifyInstanceAttribute'], + realtime_triggers: ['ec2:RunInstances', 'ec2:ModifyInstanceAttribute', 'ec2:TerminateInnstances'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/defaultVpcExists.js b/plugins/aws/ec2/defaultVpcExists.js index c328295b9e..4f449f3b90 100644 --- a/plugins/aws/ec2/defaultVpcExists.js +++ b/plugins/aws/ec2/defaultVpcExists.js @@ -10,7 +10,7 @@ module.exports = { link: 'http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html', recommended_action: 'Move resources from the default VPC to a new VPC created for that application or resource group.', apis: ['EC2:describeVpcs', 'STS:getCallerIdentity'], - realtime_triggers: ['ec2:CreateVpc', 'ec2:ModifyVpcAttribute'], + realtime_triggers: ['ec2:CreateVpc', 'ec2:ModifyVpcAttribute', 'ec2:DeleteVpc'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/defaultVpcInUse.js b/plugins/aws/ec2/defaultVpcInUse.js index 6bd39ddbbe..d9d0516264 100644 --- a/plugins/aws/ec2/defaultVpcInUse.js +++ b/plugins/aws/ec2/defaultVpcInUse.js 
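Review bot: The added trigger `'ec2:TerminateInnstances'` in defaultSecurityGroupInUse.js is misspelled (double n), so a termination event will presumably never match it and a stale finding for a terminated instance will only clear on the next full scan. It should be `'ec2:TerminateInstances'`, the spelling the other instance plugins in this diff (appTierInstanceIamRole.js, classicInstances.js) use. Because a bad trigger name fails silently at runtime, a small test that checks every plugin's `realtime_triggers` entries against a pattern such as `/^[a-z0-9-]+:[A-Z][A-Za-z0-9]+$/` would catch this whole class of typo before merge.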
@@ -10,7 +10,7 @@ module.exports = { link: 'http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html', recommended_action: 'Move resources from the default VPC to a new VPC created for that application or resource group.', apis: ['EC2:describeVpcs', 'EC2:describeInstances', 'ELB:describeLoadBalancers', 'Lambda:listFunctions', 'RDS:describeDBInstances', 'Redshift:describeClusters'], - realtime_triggers: ['ec2:CreateVpc', 'ec2:ModifyVpcAttribute', 'ec2:RunInstance','elasticloadbalancing:CreateLoadBalancer','elasticloadbalancing:ModifyLoadBalancerAttributes', 'lambda:CreateFunction','lambda:UpdateFunctionConfiguration', 'rds:CreateDBInstance','rds:ModifyDBInstance','redshift:CreateCluster','redshift:ModifyCluster'], + realtime_triggers: ['ec2:CreateVpc', 'ec2:DeleteVpc', 'ec2:ModifyVpcAttribute', 'ec2:RunInstances', 'TerminateInstances','elb:CreateLoadBalancer','elb:ModifyLoadBalancerAttributes','elb:DeleteLoadBalancer', 'lambda:CreateFunction','lambda:UpdateFunctionConfiguration', 'lamda:DeleteFunction','rds:CreateDBInstance','rds:ModifyDBInstance','rds:DeleteDBInstance','redshift:CreateCluster','redshift:ModifyCluster', 'redshift:DeleteCluster'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/ebsBackupEnabled.js b/plugins/aws/ec2/ebsBackupEnabled.js index b04fa32e70..d14288e5e7 100644 --- a/plugins/aws/ec2/ebsBackupEnabled.js +++ b/plugins/aws/ec2/ebsBackupEnabled.js @@ -18,7 +18,7 @@ module.exports = { default: 'true' } }, - realtime_triggers: ['ec2:CreateSnapshot', 'ec2:CreateVloume'], + realtime_triggers: ['ec2:CreateSnapshot', 'ec2:CreateVloume', 'ec2: DeleteVolume', 'ec2:DeleteSnapshot'], run: function(cache, settings, callback) { let results = []; diff --git a/plugins/aws/ec2/ebsDefaultEncryptionEnabled.js b/plugins/aws/ec2/ebsDefaultEncryptionEnabled.js index d91e1a327c..6af51cbe51 100644 --- a/plugins/aws/ec2/ebsDefaultEncryptionEnabled.js +++ b/plugins/aws/ec2/ebsDefaultEncryptionEnabled.js 
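Review bot: The new trigger list in defaultVpcInUse.js contains `'TerminateInstances'` without its `ec2:` service prefix and `'lamda:DeleteFunction'` with a misspelled service, so neither entry is likely to match a real event. The three load-balancer entries were also renamed from the `elasticloadbalancing:` prefix used on the removed side to `elb:`; unless the trigger matcher is known to accept `elb` (the CloudTrail event source is, to my knowledge, `elasticloadbalancing.amazonaws.com`), keep the previous prefix for consistency with the rest of the codebase. Suggested corrections: `'ec2:TerminateInstances'`, `'lambda:DeleteFunction'`, and `'elasticloadbalancing:DeleteLoadBalancer'` (with the Create/Modify entries restored likewise).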
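Review bot: The new entry `'ec2: DeleteVolume'` in ebsBackupEnabled.js has a space after the colon, and the pre-existing `'ec2:CreateVloume'` on the same line remains misspelled, so both entries will silently never fire. Since this line is being rewritten anyway, it is the right moment to fix both: `realtime_triggers: ['ec2:CreateSnapshot', 'ec2:CreateVolume', 'ec2:DeleteVolume', 'ec2:DeleteSnapshot'],`.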
@@ -18,7 +18,7 @@ module.exports = { default: 'awskms', }, }, - realtime_triggers: ['ec2:CreateVolume', 'ec2:EnableEbsEncryptionByDefault', 'ec2:DisableEbsEncryptionByDefault', 'ec2:ModifyEbsDefaultKmsKeyId'], + realtime_triggers: ['ec2:CreateVolume', 'ec2:EnableEbsEncryptionByDefault', 'ec2:DisableEbsEncryptionByDefault', 'ec2:ModifyEbsDefaultKmsKeyId', 'ec2:DeleteVolume'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/ebsEncryptionEnabled.js b/plugins/aws/ec2/ebsEncryptionEnabled.js index 653a4ed0fb..cedce04df7 100644 --- a/plugins/aws/ec2/ebsEncryptionEnabled.js +++ b/plugins/aws/ec2/ebsEncryptionEnabled.js @@ -58,7 +58,7 @@ module.exports = { }, }, - realtime_triggers: ['ec2:CreateVolume'], + realtime_triggers: ['ec2:CreateVolume', 'ec2;DeleteVolume'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/ebsRecentSnapshots.js b/plugins/aws/ec2/ebsRecentSnapshots.js index 9bd01f38da..f4898d9edc 100644 --- a/plugins/aws/ec2/ebsRecentSnapshots.js +++ b/plugins/aws/ec2/ebsRecentSnapshots.js @@ -10,7 +10,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html', recommended_action: 'Create a new snapshot for EBS volume weekly.', apis: ['EC2:describeSnapshots','STS:getCallerIdentity'], - realtime_triggers: ['ec2:CreateSnapshot'], + realtime_triggers: ['ec2:CreateSnapshot', 'ec2:DeleteSnapshot'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/ebsSnapshotHasTags.js b/plugins/aws/ec2/ebsSnapshotHasTags.js index e9687ba78b..f40ef54b88 100644 --- a/plugins/aws/ec2/ebsSnapshotHasTags.js +++ b/plugins/aws/ec2/ebsSnapshotHasTags.js 
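Review bot: The added trigger `'ec2;DeleteVolume'` in ebsEncryptionEnabled.js uses a semicolon instead of a colon between service and action, so a volume deletion will presumably not re-trigger this plugin. Change it to `'ec2:DeleteVolume'`, as the sibling ebsDefaultEncryptionEnabled.js hunk in this diff spells it.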
@@ -10,7 +10,7 @@ module.exports = { link: 'https://aws.amazon.com/blogs/compute/tag-amazon-ebs-snapshots-on-creation-and-implement-stronger-security-policies/', recommended_action: 'Modify EBS snapshots and add tags.', apis: ['EC2:describeSnapshots'], - realtime_triggers: ['ec2:CreateSnapshot', 'ec2:AddTags', 'ec2:DeleteTags'], + realtime_triggers: ['ec2:CreateSnapshot', 'ec2:AddTags', 'ec2:DeleteTags','ec2:DeleteSnapshot'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/ebsSnapshotLifecycle.js b/plugins/aws/ec2/ebsSnapshotLifecycle.js index ee613095c5..ad140f1199 100644 --- a/plugins/aws/ec2/ebsSnapshotLifecycle.js +++ b/plugins/aws/ec2/ebsSnapshotLifecycle.js @@ -12,7 +12,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-lifecycle.html', apis: ['EC2:describeInstances', 'EC2:describeVolumes', 'DLM:getLifecyclePolicies', 'DLM:getLifecyclePolicy', 'STS:getCallerIdentity'], - realtime_triggers: ['ec2:CreateVolume','dlm:CreateLifecyclePolicy', 'dlm:DeleteLifecyclePolicy', 'dlm:UpdateLifecyclePolicy'], + realtime_triggers: ['ec2:CreateVolume','dlm:CreateLifecyclePolicy', 'dlm:DeleteLifecyclePolicy', 'dlm:UpdateLifecyclePolicy','ec2:DeleteVolume'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/ebsSnapshotPublic.js b/plugins/aws/ec2/ebsSnapshotPublic.js index 16cd944cde..7e44e3db3b 100644 --- a/plugins/aws/ec2/ebsSnapshotPublic.js +++ b/plugins/aws/ec2/ebsSnapshotPublic.js 
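Review bot: The retained entry `'ec2:AddTags'` in ebsSnapshotHasTags.js does not look like an EC2 API action; as far as I know the EC2 tagging calls are `CreateTags` and `DeleteTags`, and amiHasTags.js in this same diff already lists `'ec2:CreateTags'`. Since the line is being changed, replace `'ec2:AddTags'` with `'ec2:CreateTags'` so that adding tags to a snapshot actually re-evaluates the finding.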
@@ -10,7 +10,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html', recommended_action: 'Modify the permissions of public snapshots to remove public access.', apis: ['EC2:describeSnapshots', 'EC2:describeSnapshotAttribute'], - realtime_triggers: ['ec2:CreateSnapshot' , 'ec2:ModifySnapshotAttribute'], + realtime_triggers: ['ec2:CreateSnapshot' , 'ec2:ModifySnapshotAttribute', 'ec2:DeleteSnapshot'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/ebsVolumeHasTags.js b/plugins/aws/ec2/ebsVolumeHasTags.js index 426a7ddbe4..0d9d4f3a2c 100644 --- a/plugins/aws/ec2/ebsVolumeHasTags.js +++ b/plugins/aws/ec2/ebsVolumeHasTags.js @@ -10,7 +10,7 @@ module.exports = { recommended_action: 'Modify EBS volumes and add tags', link: 'https://aws.amazon.com/blogs/aws/new-tag-ec2-instances-ebs-volumes-on-creation/', apis: ['EC2:describeVolumes', 'STS:getCallerIdentity'], - realtime_triggers: ['ec2:CreateVolume', 'ec2:AddTags', 'ec2:DeleteTags'], + realtime_triggers: ['ec2:CreateVolume', 'ec2:AddTags', 'ec2:DeleteTags','ec2:DeleteVolume'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/ec2HasTags.js b/plugins/aws/ec2/ec2HasTags.js index 6db8b342dc..34a9b7376e 100644 --- a/plugins/aws/ec2/ec2HasTags.js +++ b/plugins/aws/ec2/ec2HasTags.js @@ -10,7 +10,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html', recommended_action: 'Modify EC2 instances and add tags.', apis: ['EC2:describeInstances'], - realtime_triggers: ['ec2:RunInstance', 'ec2:AddTags', 'ec2:DeleteTags'], + realtime_triggers: ['ec2:RunInstances', 'ec2:AddTags', 'ec2:DeleteTags', 'ec2:TerminateInstances'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/ec2MetadataOptions.js b/plugins/aws/ec2/ec2MetadataOptions.js index 192f10dd86..4d0bd8dc2f 100644 
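Review bot: The retained entry `'ec2:AddTags'` in ebsVolumeHasTags.js is inconsistent with `'ec2:CreateTags'` used by amiHasTags.js elsewhere in this diff, and I do not believe `AddTags` is an EC2 action, so tagging a volume would not re-trigger the check. Suggest `realtime_triggers: ['ec2:CreateVolume', 'ec2:CreateTags', 'ec2:DeleteTags', 'ec2:DeleteVolume'],` while this line is being touched.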
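Review bot: The retained entry `'ec2:AddTags'` in ec2HasTags.js has the same problem as the other tag plugins in this diff: `CreateTags` is the EC2 action that amiHasTags.js already uses, and `AddTags` presumably never matches. Suggest `realtime_triggers: ['ec2:RunInstances', 'ec2:CreateTags', 'ec2:DeleteTags', 'ec2:TerminateInstances'],`.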
--- a/plugins/aws/ec2/ec2MetadataOptions.js +++ b/plugins/aws/ec2/ec2MetadataOptions.js @@ -11,7 +11,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#configuring-instance-metadata-service', recommended_action: 'Update instance metadata options to use IMDSv2', apis: ['EC2:describeInstances'], - realtime_triggers: ['ec2:RunInstance', 'ec2:ModifyInstanceMetadataOptions'], + realtime_triggers: ['ec2:RunInstances', 'ec2:ModifyInstanceMetadataOptions', 'ec2:TerminateInstances'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/enableDetailedMonitoring.js b/plugins/aws/ec2/enableDetailedMonitoring.js index 5170993242..97e6b74e24 100644 --- a/plugins/aws/ec2/enableDetailedMonitoring.js +++ b/plugins/aws/ec2/enableDetailedMonitoring.js @@ -11,7 +11,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html', recommended_action: 'Modify EC2 instance to enable detailed monitoring.', apis: ['EC2:describeInstances'], - realtime_triggers: ['ec2:RunInstance', 'ec2:MonitorInstances'], + realtime_triggers: ['ec2:RunInstances', 'ec2:MonitorInstances', 'ec2:TerminateInstances'], run: function(cache, settings, callback) { const results = []; diff --git a/plugins/aws/ec2/encryptedAmi.js b/plugins/aws/ec2/encryptedAmi.js index cfa8dfeada..0c0ee924a9 100644 --- a/plugins/aws/ec2/encryptedAmi.js +++ b/plugins/aws/ec2/encryptedAmi.js @@ -16,7 +16,7 @@ module.exports = { 'allow it to remain compliant with the encryption at-rest ' + 'regulatory requirement.' }, - realtime_triggers: ['ec2:CreateImage', 'ec2:CopyImage'], + realtime_triggers: ['ec2:CreateImage', 'ec2:CopyImage', 'ec2:DeregisterImage'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/flowLogsEnabled.js b/plugins/aws/ec2/flowLogsEnabled.js index 069d9912fa..5aa9d0a923 100644 --- a/plugins/aws/ec2/flowLogsEnabled.js 
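Review bot: The new trigger list in enableDetailedMonitoring.js covers `ec2:MonitorInstances` but not the call that turns detailed monitoring off, which to my knowledge is the separate `UnmonitorInstances` action; that is precisely the event that should create a new finding. Suggest `realtime_triggers: ['ec2:RunInstances', 'ec2:MonitorInstances', 'ec2:UnmonitorInstances', 'ec2:TerminateInstances'],`.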
+++ b/plugins/aws/ec2/flowLogsEnabled.js @@ -19,7 +19,7 @@ module.exports = { 'cardholder data. Enable VPC flow logs to log these network requests.', cis2: '2.9 Ensure VPC flow logging is enabled in all VPCs' }, - realtime_triggers: ['ec2:CreateVpc', 'ec2:CreateFlowLogs', 'ec2:DeleteFlowLogs'], + realtime_triggers: ['ec2:CreateVpc', 'ec2:CreateFlowLogs', 'ec2:DeleteFlowLogs', 'ec2:DeleteVpc'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/instanceIamRole.js b/plugins/aws/ec2/instanceIamRole.js index fe3d04b022..442ec4682e 100644 --- a/plugins/aws/ec2/instanceIamRole.js +++ b/plugins/aws/ec2/instanceIamRole.js @@ -18,7 +18,7 @@ module.exports = { default: 10 } }, - realtime_triggers: ['ec2:RunInstance','ec2:AssociateIamInstanceProfile', 'ec2:DisassociateIamInstanceProfile'], + realtime_triggers: ['ec2:RunInstances','ec2:AssociateIamInstanceProfile', 'ec2:DisassociateIamInstanceProfile', 'ec2:TerminateInstances'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/instanceKeyBasedLogin.js b/plugins/aws/ec2/instanceKeyBasedLogin.js index ea66558a4b..4a970a4e96 100644 --- a/plugins/aws/ec2/instanceKeyBasedLogin.js +++ b/plugins/aws/ec2/instanceKeyBasedLogin.js @@ -18,7 +18,7 @@ module.exports = { default: '10' } }, - realtime_triggers: ['ec2:RunInstance', 'ec2:ModifyInstanceAttribute'], + realtime_triggers: ['ec2:RunInstances', 'ec2:ModifyInstanceAttribute', 'ec2;TerminateInstances'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/instanceLimit.js b/plugins/aws/ec2/instanceLimit.js index b6e55ea493..2b97ec831c 100644 --- a/plugins/aws/ec2/instanceLimit.js +++ b/plugins/aws/ec2/instanceLimit.js @@ -24,7 +24,7 @@ module.exports = { default: 75 } }, - realtime_triggers: ['ec2:RunInstance', 'ec2:TerminateInstance'], + realtime_triggers: ['ec2:RunInstances', 'ec2:TerminateInstances'], run: function(cache, settings, callback) { var config = { 
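Review bot: The added trigger `'ec2;TerminateInstances'` in instanceKeyBasedLogin.js uses a semicolon instead of a colon, so the termination event will presumably never be matched. Change it to `'ec2:TerminateInstances'`, matching instanceIamRole.js and instanceLimit.js in the same diff.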
diff --git a/plugins/aws/ec2/instanceMaxCount.js b/plugins/aws/ec2/instanceMaxCount.js index 548625d245..ed97e11487 100644 --- a/plugins/aws/ec2/instanceMaxCount.js +++ b/plugins/aws/ec2/instanceMaxCount.js @@ -205,7 +205,7 @@ module.exports = { }, }, - realtime_triggers: ['ec2:RunInstance', 'ec2:TerminateInstance'], + realtime_triggers: ['ec2:RunInstances', 'ec2:TerminateInstances'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/instanceVcpusLimit.js b/plugins/aws/ec2/instanceVcpusLimit.js index ed85d96e6f..80a558d826 100644 --- a/plugins/aws/ec2/instanceVcpusLimit.js +++ b/plugins/aws/ec2/instanceVcpusLimit.js @@ -24,7 +24,7 @@ module.exports = { default: 75 } }, - realtime_triggers: ['ec2:RunInstance', 'ec2:TerminateInstance', 'servicequotas:RequestServiceQuotaIncrease'], + realtime_triggers: ['ec2:RunInstances', 'ec2:TerminateInstances', 'servicequotas:RequestServiceQuotaIncrease'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/internetGatewayInVpc.js b/plugins/aws/ec2/internetGatewayInVpc.js index ef68b75fcd..c4d515c531 100644 --- a/plugins/aws/ec2/internetGatewayInVpc.js +++ b/plugins/aws/ec2/internetGatewayInVpc.js @@ -11,7 +11,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html', recommended_action: 'Ensure Internet Gateways have VPC attached to them.', apis: ['EC2:describeInternetGateways', 'STS:getCallerIdentity'], - realtime_triggers: ['ec2:CreateInternetGateway', 'ec2:DetachInternetGateway', 'ec2:AttachInternetGateway'], + realtime_triggers: ['ec2:CreateInternetGateway', 'ec2:DetachInternetGateway', 'ec2:AttachInternetGateway', 'ec2:DeleteInternatGateway'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/managedNatGateway.js b/plugins/aws/ec2/managedNatGateway.js index c7cafdfec6..70411b6787 100644 --- a/plugins/aws/ec2/managedNatGateway.js 
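Review bot: The added trigger `'ec2:DeleteInternatGateway'` in internetGatewayInVpc.js is misspelled (Internat), so deleting a gateway will not re-trigger the plugin and a stale finding will persist until the next scheduled scan. It should read `'ec2:DeleteInternetGateway'`, consistent with the `CreateInternetGateway` entry on the same line.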
+++ b/plugins/aws/ec2/managedNatGateway.js @@ -10,7 +10,7 @@ module.exports = { link: 'https://aws.amazon.com/blogs/aws/new-managed-nat-network-address-translation-gateway-for-aws/', recommended_action: 'Update VPCs to use Managed NAT Gateways instead of NAT instances', apis: ['EC2:describeVpcs', 'EC2:describeNatGateways', 'STS:getCallerIdentity'], - realtime_triggers: ['ec2:CreateNatGateway', 'ec2:ReplaceRoute','ec2:CreateVpc'], + realtime_triggers: ['ec2:CreateNatGateway', 'ec2:ReplaceRoute','ec2:CreateVpc', 'ec2:DeleteNatGateway', 'ec2:DeleteVpc'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/natMultiAz.js b/plugins/aws/ec2/natMultiAz.js index 3a513e46f7..6332727fc7 100644 --- a/plugins/aws/ec2/natMultiAz.js +++ b/plugins/aws/ec2/natMultiAz.js @@ -10,7 +10,7 @@ module.exports = { link: 'http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html', recommended_action: 'Launch managed NAT instances in multiple AZs.', apis: ['EC2:describeVpcs', 'EC2:describeNatGateways', 'STS:getCallerIdentity'], - realtime_triggers: ['ec2:CreateNatGateway'], + realtime_triggers: ['ec2:CreateNatGateway', 'ec2:DeleteNatGateway'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/networkAclHasTags.js b/plugins/aws/ec2/networkAclHasTags.js index a53f75eb86..59d38bf3fb 100644 --- a/plugins/aws/ec2/networkAclHasTags.js +++ b/plugins/aws/ec2/networkAclHasTags.js @@ -10,7 +10,7 @@ module.exports = { recommended_action: 'Modify Network ACL and add tags.', link: 'https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html', apis: ['EC2:describeNetworkAcls', 'STS:getCallerIdentity'], - realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:AddTags', 'ec2:DeleteTags'], + realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:AddTags', 'ec2:DeleteTags', 'ec2:DeleteNetworkAcl'], run: function(cache, settings, callback) { var results = []; 
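Review bot: The retained entry `'ec2:AddTags'` in networkAclHasTags.js is, as far as I know, not an EC2 action; EC2 tagging is `CreateTags`/`DeleteTags`, and amiHasTags.js in this same diff already uses `'ec2:CreateTags'`. Suggest `realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:CreateTags', 'ec2:DeleteTags', 'ec2:DeleteNetworkAcl'],` while this line is being touched.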
diff --git a/plugins/aws/ec2/networkAclInboundTraffic.js b/plugins/aws/ec2/networkAclInboundTraffic.js index 3ea2ed9399..c0bb6b5cec 100644 --- a/plugins/aws/ec2/networkAclInboundTraffic.js +++ b/plugins/aws/ec2/networkAclInboundTraffic.js @@ -13,7 +13,7 @@ module.exports = { compliance: { cis1: '5.1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports', }, - realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:ReplaceNetworkAclEntry'], + realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:ReplaceNetworkAclEntry', 'ec2:DeleteNetworkAcl'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/networkAclOutboundTraffic.js b/plugins/aws/ec2/networkAclOutboundTraffic.js index d0190c12a7..e7fef5758d 100644 --- a/plugins/aws/ec2/networkAclOutboundTraffic.js +++ b/plugins/aws/ec2/networkAclOutboundTraffic.js @@ -10,7 +10,7 @@ module.exports = { recommended_action: 'Update Network ACL to allow outbound/egress traffic to specific port ranges only', link: 'https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html', apis: ['EC2:describeNetworkAcls', 'STS:getCallerIdentity'], - realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:ReplaceNetworkAclEntry'], + realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:ReplaceNetworkAclEntry', 'ec2:DeleteNetworkAcl'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/openAllPortsProtocols.js b/plugins/aws/ec2/openAllPortsProtocols.js index 6b5a551e49..71185bf914 100644 --- a/plugins/aws/ec2/openAllPortsProtocols.js +++ b/plugins/aws/ec2/openAllPortsProtocols.js 
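Review bot: The new trigger list in networkAclInboundTraffic.js still reacts only to `ReplaceNetworkAclEntry`, yet to my knowledge a new allow rule is normally added with `CreateNetworkAclEntry` and removed with `DeleteNetworkAclEntry`, so the most common way of opening an administration port from 0.0.0.0/0 would not re-trigger the check. Suggest `realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:CreateNetworkAclEntry', 'ec2:ReplaceNetworkAclEntry', 'ec2:DeleteNetworkAclEntry', 'ec2:DeleteNetworkAcl'],`.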
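Review bot: The new trigger list in networkAclOutboundTraffic.js has the same gap as the inbound plugin: only `ReplaceNetworkAclEntry` is listed, while adding or deleting an egress rule goes, as far as I know, through `CreateNetworkAclEntry` and `DeleteNetworkAclEntry`. Suggest `realtime_triggers: ['ec2:CreateNetworkAcl', 'ec2:CreateNetworkAclEntry', 'ec2:ReplaceNetworkAclEntry', 'ec2:DeleteNetworkAclEntry', 'ec2:DeleteNetworkAcl'],`.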
@@ -27,7 +27,7 @@ module.exports = { 'Security groups should be properly secured to prevent access to ' + 'backend services.' }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openAllPortsProtocolsEgress.js b/plugins/aws/ec2/openAllPortsProtocolsEgress.js index 1af9a4f4e2..1c24ee7dad 100644 --- a/plugins/aws/ec2/openAllPortsProtocolsEgress.js +++ b/plugins/aws/ec2/openAllPortsProtocolsEgress.js @@ -18,7 +18,7 @@ module.exports = { default: 'false', } }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openCIFS.js b/plugins/aws/ec2/openCIFS.js index ef285cc08f..54a2ab5b92 100644 --- a/plugins/aws/ec2/openCIFS.js +++ b/plugins/aws/ec2/openCIFS.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { 
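Review bot: The new trigger list in openAllPortsProtocolsEgress.js is copied from the ingress plugins and only names `AuthorizeSecurityGroupIngress` / `RevokeSecurityGroupIngress`, yet this plugin checks egress rules, which are changed through the separate `AuthorizeSecurityGroupEgress` and `RevokeSecurityGroupEgress` calls. As written, opening all outbound ports on an existing group will presumably not re-trigger the check. Suggest `realtime_triggers: ['ec2:CreateSecurityGroup', 'ec2:AuthorizeSecurityGroupEgress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupEgress', 'ec2:DeleteSecurityGroup'],`.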
diff --git a/plugins/aws/ec2/openCassandraClient.js b/plugins/aws/ec2/openCassandraClient.js index 86da19db1e..7ea97b2bf6 100644 --- a/plugins/aws/ec2/openCassandraClient.js +++ b/plugins/aws/ec2/openCassandraClient.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openCassandraInternode.js b/plugins/aws/ec2/openCassandraInternode.js index 986271e5ce..1439db076c 100644 --- a/plugins/aws/ec2/openCassandraInternode.js +++ b/plugins/aws/ec2/openCassandraInternode.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openCassandraMonitoring.js b/plugins/aws/ec2/openCassandraMonitoring.js index 49dd4276cf..8c2b723f0e 100644 --- a/plugins/aws/ec2/openCassandraMonitoring.js +++ b/plugins/aws/ec2/openCassandraMonitoring.js 
@@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress','ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openCassandraThrift.js b/plugins/aws/ec2/openCassandraThrift.js index 5679561ed5..821611e8b9 100644 --- a/plugins/aws/ec2/openCassandraThrift.js +++ b/plugins/aws/ec2/openCassandraThrift.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress','ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openCustomPorts.js b/plugins/aws/ec2/openCustomPorts.js index 7bbffa3a93..2c8524b042 100644 --- a/plugins/aws/ec2/openCustomPorts.js +++ b/plugins/aws/ec2/openCustomPorts.js @@ -24,7 +24,7 @@ module.exports = { default: 'false', } }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { 
diff --git a/plugins/aws/ec2/openDNS.js b/plugins/aws/ec2/openDNS.js index 4f8c5c4509..91090378c6 100644 --- a/plugins/aws/ec2/openDNS.js +++ b/plugins/aws/ec2/openDNS.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openDocker.js b/plugins/aws/ec2/openDocker.js index 77376f3a2c..dc39dc4ff1 100644 --- a/plugins/aws/ec2/openDocker.js +++ b/plugins/aws/ec2/openDocker.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress', 'ec2:RevokeSecurityGroupIngress'], rollback: ['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress','ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openElasticsearch.js b/plugins/aws/ec2/openElasticsearch.js index 53bf3cab5a..0aaec97c48 100644 --- a/plugins/aws/ec2/openElasticsearch.js +++ b/plugins/aws/ec2/openElasticsearch.js 
@@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openFTP.js b/plugins/aws/ec2/openFTP.js index 8369757b17..64a61ce490 100644 --- a/plugins/aws/ec2/openFTP.js +++ b/plugins/aws/ec2/openFTP.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openHTTP.js b/plugins/aws/ec2/openHTTP.js index 2286a29b77..879cb6323b 100644 --- a/plugins/aws/ec2/openHTTP.js +++ b/plugins/aws/ec2/openHTTP.js 
@@ -10,7 +10,7 @@ module.exports = { link: 'http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html', recommended_action: 'Restrict TCP port 80 to known IP addresses', apis: ['EC2:describeSecurityGroups'], - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { diff --git a/plugins/aws/ec2/openHTTPS.js b/plugins/aws/ec2/openHTTPS.js index 827153c8cf..e79bcbd772 100644 --- a/plugins/aws/ec2/openHTTPS.js +++ b/plugins/aws/ec2/openHTTPS.js @@ -10,7 +10,7 @@ module.exports = { link: 'http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html', recommended_action: 'Restrict TCP port 443 to known IP addresses.', apis: ['EC2:describeSecurityGroups'], - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/openHadoopNameNode.js b/plugins/aws/ec2/openHadoopNameNode.js index e487c8cf44..56e4af6c23 100644 --- a/plugins/aws/ec2/openHadoopNameNode.js +++ b/plugins/aws/ec2/openHadoopNameNode.js 
@@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openHadoopNameNodeWebUI.js b/plugins/aws/ec2/openHadoopNameNodeWebUI.js index b718f1e707..41a09a8d0c 100644 --- a/plugins/aws/ec2/openHadoopNameNodeWebUI.js +++ b/plugins/aws/ec2/openHadoopNameNodeWebUI.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openInternalWeb.js b/plugins/aws/ec2/openInternalWeb.js index 71f8e774d2..b39b853c95 100644 --- a/plugins/aws/ec2/openInternalWeb.js +++ b/plugins/aws/ec2/openInternalWeb.js 
@@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openKibana.js b/plugins/aws/ec2/openKibana.js index c838720ea5..c04fb3e0f7 100644 --- a/plugins/aws/ec2/openKibana.js +++ b/plugins/aws/ec2/openKibana.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openLDAP.js b/plugins/aws/ec2/openLDAP.js index 5299b55323..1b0c4e5191 100644 --- a/plugins/aws/ec2/openLDAP.js +++ b/plugins/aws/ec2/openLDAP.js 
@@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openLDAPS.js b/plugins/aws/ec2/openLDAPS.js index ba6eeac259..8dce4530b1 100644 --- a/plugins/aws/ec2/openLDAPS.js +++ b/plugins/aws/ec2/openLDAPS.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openMemcached.js b/plugins/aws/ec2/openMemcached.js index 82a60c1598..df730a8714 100644 --- a/plugins/aws/ec2/openMemcached.js +++ b/plugins/aws/ec2/openMemcached.js 
@@ -49,7 +49,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openMongoDB.js b/plugins/aws/ec2/openMongoDB.js index caa1c69984..6eebc6c1bc 100644 --- a/plugins/aws/ec2/openMongoDB.js +++ b/plugins/aws/ec2/openMongoDB.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openMySQL.js b/plugins/aws/ec2/openMySQL.js index 7fdf5c5421..f7144eb641 100644 --- a/plugins/aws/ec2/openMySQL.js +++ b/plugins/aws/ec2/openMySQL.js 
@@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openNetBIOS.js b/plugins/aws/ec2/openNetBIOS.js index 7f0f73ea66..262b7a5290 100644 --- a/plugins/aws/ec2/openNetBIOS.js +++ b/plugins/aws/ec2/openNetBIOS.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openOracle.js b/plugins/aws/ec2/openOracle.js index b9f82980a9..fd0365e72e 100644 --- a/plugins/aws/ec2/openOracle.js +++ b/plugins/aws/ec2/openOracle.js 
@@ -45,7 +45,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openOracleAutoDataWarehouse.js b/plugins/aws/ec2/openOracleAutoDataWarehouse.js index beb59c5ead..79e1760332 100644 --- a/plugins/aws/ec2/openOracleAutoDataWarehouse.js +++ b/plugins/aws/ec2/openOracleAutoDataWarehouse.js @@ -45,7 +45,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openPostgreSQL.js b/plugins/aws/ec2/openPostgreSQL.js index 41b820a87d..1b9815ca42 100644 --- a/plugins/aws/ec2/openPostgreSQL.js +++ b/plugins/aws/ec2/openPostgreSQL.js 
@@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openRDP.js b/plugins/aws/ec2/openRDP.js index b0bab5708f..057d4ad766 100644 --- a/plugins/aws/ec2/openRDP.js +++ b/plugins/aws/ec2/openRDP.js @@ -46,7 +46,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openRPC.js b/plugins/aws/ec2/openRPC.js index 27b75a3a3e..cc0154d8e5 100644 --- a/plugins/aws/ec2/openRPC.js +++ b/plugins/aws/ec2/openRPC.js 
@@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openRedis.js b/plugins/aws/ec2/openRedis.js index ad8ec70c88..15733527ec 100644 --- a/plugins/aws/ec2/openRedis.js +++ b/plugins/aws/ec2/openRedis.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openSMBoTCP.js b/plugins/aws/ec2/openSMBoTCP.js index 8278832d5a..69c774736b 100644 --- a/plugins/aws/ec2/openSMBoTCP.js +++ b/plugins/aws/ec2/openSMBoTCP.js 
@@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openSMTP.js b/plugins/aws/ec2/openSMTP.js index 9d4975db31..d51c7a00f5 100644 --- a/plugins/aws/ec2/openSMTP.js +++ b/plugins/aws/ec2/openSMTP.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openSNMP.js b/plugins/aws/ec2/openSNMP.js index c4dc1a706f..aca23dc54a 100644 --- a/plugins/aws/ec2/openSNMP.js +++ b/plugins/aws/ec2/openSNMP.js 
@@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openSQLServer.js b/plugins/aws/ec2/openSQLServer.js index 7c90205ef7..3ad6ba44bf 100644 --- a/plugins/aws/ec2/openSQLServer.js +++ b/plugins/aws/ec2/openSQLServer.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openSSH.js b/plugins/aws/ec2/openSSH.js index 0f4ae55f82..8ad91ba87d 100644 --- a/plugins/aws/ec2/openSSH.js +++ b/plugins/aws/ec2/openSSH.js 
@@ -46,7 +46,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openSalt.js b/plugins/aws/ec2/openSalt.js index b8fd45ee98..d8c5bed1d8 100644 --- a/plugins/aws/ec2/openSalt.js +++ b/plugins/aws/ec2/openSalt.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openTelnet.js b/plugins/aws/ec2/openTelnet.js index e1a681488d..4c39c0558e 100644 --- a/plugins/aws/ec2/openTelnet.js +++ b/plugins/aws/ec2/openTelnet.js 
@@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openVNCClient.js b/plugins/aws/ec2/openVNCClient.js index 72b00bf760..e16467fbee 100644 --- a/plugins/aws/ec2/openVNCClient.js +++ b/plugins/aws/ec2/openVNCClient.js @@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/openVNCServer.js b/plugins/aws/ec2/openVNCServer.js index e16a0efe9b..32145e6236 100644 --- a/plugins/aws/ec2/openVNCServer.js +++ b/plugins/aws/ec2/openVNCServer.js 
@@ -43,7 +43,7 @@ module.exports = { remediate: ['ec2:AuthorizeSecurityGroupIngress','ec2:RevokeSecurityGroupIngress'], rollback:['ec2:AuthorizeSecurityGroupIngress'] }, - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules','ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/outdatedAmiInUse.js b/plugins/aws/ec2/outdatedAmiInUse.js index a684aeb209..097aad4f5d 100644 --- a/plugins/aws/ec2/outdatedAmiInUse.js +++ b/plugins/aws/ec2/outdatedAmiInUse.js @@ -11,7 +11,7 @@ module.exports = { recommended_action: 'Delete the instances using deprecated AMIs', apis: ['EC2:describeImages', 'EC2:describeInstances', 'AutoScaling:describeLaunchConfigurations', 'EC2:describeLaunchTemplates', 'EC2:describeLaunchTemplateVersions','STS:getCallerIdentity'], - realtime_triggers: ['ec2:RunInstance', 'ec2:TerminateInstance'], + realtime_triggers: ['ec2:RunInstances', 'ec2:TerminateInstances'], run: function(cache, settings, callback) { const results = []; diff --git a/plugins/aws/ec2/overlappingSecurityGroups.js b/plugins/aws/ec2/overlappingSecurityGroups.js index 83e241fc92..560ffb0a53 100644 --- a/plugins/aws/ec2/overlappingSecurityGroups.js +++ b/plugins/aws/ec2/overlappingSecurityGroups.js 
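Review bot: The corrected trigger list in outdatedAmiInUse still covers only instance launch and termination, while the `apis` line directly above it also reads launch configurations and launch templates, so an outdated AMI introduced through `autoscaling:CreateLaunchConfiguration`, `ec2:CreateLaunchTemplate` or `ec2:CreateLaunchTemplateVersion` would not re-trigger the check until the next scheduled scan. If `run` really evaluates those resources (its body is outside the hunk, so this is inferred from `apis`), those three events belong in `realtime_triggers` next to `ec2:RunInstances`. The `RunInstance`→`RunInstances` and `TerminateInstance`→`TerminateInstances` corrections themselves match the EC2 API names.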
@@ -13,7 +13,7 @@ module.exports = { recommended_action: 'Structure security groups to provide a single category of access and do not ' + 'duplicate rules across groups used by the same instances.', apis: ['EC2:describeInstances', 'EC2:describeSecurityGroups'], - realtime_triggers: ['ec2:RunInnstance', 'ec2:ModifyInstanceAttribute', 'ec2:ModifySecurityGroupRules'], + realtime_triggers: ['ec2:RunInstances', 'ec2:ModifyInstanceAttribute', 'ec2:ModifySecurityGroupRules', 'ec2:TerminateInstances'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/overutilizedEC2Instance.js b/plugins/aws/ec2/overutilizedEC2Instance.js index 27809a3fac..2fc3f322c4 100644 --- a/plugins/aws/ec2/overutilizedEC2Instance.js +++ b/plugins/aws/ec2/overutilizedEC2Instance.js @@ -18,7 +18,7 @@ module.exports = { default: '90' } }, - realtime_triggers: ['ec2:RunInstace', 'ec2:ModifyInstanceAttribute'], + realtime_triggers: ['ec2:RunInstances', 'ec2:ModifyInstanceAttribute', 'ec2:TerminateInstances'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/publicAmi.js b/plugins/aws/ec2/publicAmi.js index 3a8b408738..98398806a6 100644 --- a/plugins/aws/ec2/publicAmi.js +++ b/plugins/aws/ec2/publicAmi.js @@ -10,7 +10,7 @@ module.exports = { link: 'http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-intro.html', recommended_action: 'Convert the public AMI a private image.', apis: ['EC2:describeImages'], - realtime_triggers: ['ec2:CreateImage', 'ec2:ResetImageAttribute', 'ec2:ModifyImageAttribute'], + realtime_triggers: ['ec2:CreateImage', 'ec2:ResetImageAttribute', 'ec2:ModifyImageAttribute', 'ec2:DeregisterImage'], run: function(cache, settings, callback) { diff --git a/plugins/aws/ec2/publicIpAddress.js b/plugins/aws/ec2/publicIpAddress.js index 87534b780a..064c4c63d2 100644 --- a/plugins/aws/ec2/publicIpAddress.js +++ b/plugins/aws/ec2/publicIpAddress.js 
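Review bot: overlappingSecurityGroups' new list fixes the `RunInnstance` typo but still lacks `ec2:AuthorizeSecurityGroupIngress` and `ec2:RevokeSecurityGroupIngress`, which is how a duplicated rule normally appears or disappears; `ec2:ModifySecurityGroupRules` only edits rules that already exist. Every open* plugin in this commit lists both events, so the omission looks accidental: `realtime_triggers: ['ec2:RunInstances', 'ec2:ModifyInstanceAttribute', 'ec2:AuthorizeSecurityGroupIngress', 'ec2:RevokeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:TerminateInstances'],`. The `run` body is outside the hunk, so that ingress rules are what it compares is inferred from the `EC2:describeSecurityGroups` entry in `apis`.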
@@ -10,7 +10,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html', recommended_action: 'Remove the public IP address from the EC2 instances to block public access to the instance', apis: ['EC2:describeInstances', 'STS:getCallerIdentity', 'EC2:describeSecurityGroups'], - realtime_triggers: ['ec2:RunInstance','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules'], + realtime_triggers: ['ec2:RunInstances','ec2:AuthorizeSecurityGroupIngress','ec2:ModifySecurityGroupRules', 'ec2:TerminateInstances'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/securityGroupRfc1918.js b/plugins/aws/ec2/securityGroupRfc1918.js index 35f10c3200..8f8618e139 100644 --- a/plugins/aws/ec2/securityGroupRfc1918.js +++ b/plugins/aws/ec2/securityGroupRfc1918.js @@ -18,7 +18,7 @@ module.exports = { default: '10.0.0.0/8,172.16.0.0/12,192.168.0.0/16' } }, - realtime_triggers: ['ec2:AuthorizeSecurityGroupIngress', 'ec2:RevokeSecurityGroupIngress'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:AuthorizeSecurityGroupIngress', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/securityGroupsHasTags.js b/plugins/aws/ec2/securityGroupsHasTags.js index 65a34a7d88..fd84e3836d 100644 --- a/plugins/aws/ec2/securityGroupsHasTags.js +++ b/plugins/aws/ec2/securityGroupsHasTags.js @@ -10,7 +10,7 @@ module.exports = { link: 'https://aws.amazon.com/about-aws/whats-new/2021/07/amazon-ec2-adds-resource-identifiers-tags-vpc-security-groups-rules/', recommended_action: 'Update Security Group and add Tags', apis: ['EC2:describeSecurityGroups'], - realtime_triggers: ['ec2:CreateSecurityGroup', 'ec2:AddTags', 'ec2:DeleteTags'], + realtime_triggers: ['ec2:CreateSecurityGroup', 'ec2:AddTags', 'ec2:DeleteTags','ec2:DeleteSecurityGroup'], run: function(cache, settings, callback) { var results = []; 
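Review bot: publicIpAddress's trigger list gains `ec2:TerminateInstances` but has no event for an Elastic IP being attached or detached (`ec2:AssociateAddress` / `ec2:DisassociateAddress`), which changes an instance's public address without any `RunInstances` call. If `run` reports on the instance's public IP — it is outside the hunk, so this is inferred from the plugin name and `recommended_action` — those two events are worth adding next to `ec2:RunInstances`.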
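Review bot: securityGroupRfc1918 now listens for group creation and deletion but not `ec2:ModifySecurityGroupRules`, so a rule whose CIDR is edited in place to or from an RFC 1918 range will not re-trigger the check, even though every other security-group plugin in this commit includes that event. Suggest `realtime_triggers: ['ec2:CreateSecurityGroup', 'ec2:AuthorizeSecurityGroupIngress', 'ec2:ModifySecurityGroupRules', 'ec2:RevokeSecurityGroupIngress', 'ec2:DeleteSecurityGroup'],`.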
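Review bot: `ec2:AddTags` in securityGroupsHasTags is not an EC2 API action — tags are added with `CreateTags`, and the `ec2:DeleteTags` entry beside it is the correct counterpart — so a CloudTrail event for tagging a group will never match this trigger. This commit fixes the same class of misspelling (`RunInstance`, `RunInnstance`, `RunInstace`) elsewhere but leaves this one, and vpcHasTags further down carries the identical `ec2:AddTags` entry. Change both to `'ec2:CreateTags'`.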
diff --git a/plugins/aws/ec2/subnetIpAvailability.js b/plugins/aws/ec2/subnetIpAvailability.js index 1852f44223..4b24499ee7 100644 --- a/plugins/aws/ec2/subnetIpAvailability.js +++ b/plugins/aws/ec2/subnetIpAvailability.js @@ -24,7 +24,7 @@ module.exports = { default: 75 } }, - realtime_triggers: ['ec2:CreateSubnet'], + realtime_triggers: ['ec2:CreateSubnet', 'ec2:DeleteSubnet'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ec2/unusedSecurityGroups.js b/plugins/aws/ec2/unusedSecurityGroups.js index 3f3eb63933..465e2d78ed 100644 --- a/plugins/aws/ec2/unusedSecurityGroups.js +++ b/plugins/aws/ec2/unusedSecurityGroups.js @@ -10,7 +10,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html', recommended_action: 'Remove security groups that are not being used.', apis: ['EC2:describeSecurityGroups', 'EC2:describeNetworkInterfaces', 'Lambda:listFunctions'], - realtime_triggers: ['ec2:CreateSecurityGroup','ec2:DeleteSecurityGroup','ec2:RunInstances','ec2:ModifyInstanceAttribute'], + realtime_triggers: ['ec2:CreateSecurityGroup','ec2:DeleteSecurityGroup','ec2:RunInstances','ec2:ModifyInstanceAttribute', 'ec2:TerminateInstances'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/vpcEndpointAcceptance.js b/plugins/aws/ec2/vpcEndpointAcceptance.js index 4d32d66ea4..4b998d1236 100644 --- a/plugins/aws/ec2/vpcEndpointAcceptance.js +++ b/plugins/aws/ec2/vpcEndpointAcceptance.js @@ -18,7 +18,7 @@ module.exports = { default: 'false' }, }, - realtime_triggers: ['ec2:CreateVpcEndpointServiceConfiguration', 'ec2:ModifyVpcEndpointServiceConfiguration'], + realtime_triggers: ['ec2:CreateVpcEndpointServiceConfiguration', 'ec2:ModifyVpcEndpointServiceConfiguration', 'ec2:DeleteVpcEndpointServiceConfiguration'], run: function(cache, settings, callback) { var results = []; 
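Review bot: unusedSecurityGroups adds `ec2:TerminateInstances`, but its `apis` line also reads network interfaces and Lambda functions, and neither path has a trigger: attaching a group to an ENI (`ec2:CreateNetworkInterface`, `ec2:ModifyNetworkInterfaceAttribute`) or to a function's VPC configuration changes whether the group counts as in use. The `run` body is outside the hunk, so confirm which of these sources it actually treats as usage before adding events, and take the Lambda event spelling from whatever this project's existing Lambda plugins use rather than from the API name alone.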
diff --git a/plugins/aws/ec2/vpcEndpointCrossAccount.js b/plugins/aws/ec2/vpcEndpointCrossAccount.js index d2e5032341..7525126dee 100644 --- a/plugins/aws/ec2/vpcEndpointCrossAccount.js +++ b/plugins/aws/ec2/vpcEndpointCrossAccount.js @@ -18,7 +18,7 @@ module.exports = { default: '' } }, - realtime_triggers: ['ec2:CreateVpcEndpoint', 'ec2:ModifyVpcEndpoint'], + realtime_triggers: ['ec2:CreateVpcEndpoint', 'ec2:ModifyVpcEndpoint', 'ec2:DeleteVpcEndpoint'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/vpcEndpointExposed.js b/plugins/aws/ec2/vpcEndpointExposed.js index 5be435d624..62ebe65038 100644 --- a/plugins/aws/ec2/vpcEndpointExposed.js +++ b/plugins/aws/ec2/vpcEndpointExposed.js @@ -10,7 +10,7 @@ module.exports = { recommended_action: 'Update VPC endpoint access policy in order to stop any unsigned requests', link: 'https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html', apis: ['EC2:describeVpcEndpoints', 'EC2:describeSubnets', 'EC2:describeRouteTables', 'STS:getCallerIdentity'], - realtime_triggers: ['ec2:CreateVpcEndpoint', 'ec2:ModifyVpcEndpoint'], + realtime_triggers: ['ec2:CreateVpcEndpoint', 'ec2:ModifyVpcEndpoint', 'ec2:DeleteVpcEndpoint'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/vpcHasTags.js b/plugins/aws/ec2/vpcHasTags.js index affbc3e0e4..f807239097 100644 --- a/plugins/aws/ec2/vpcHasTags.js +++ b/plugins/aws/ec2/vpcHasTags.js @@ -10,7 +10,7 @@ module.exports = { link: 'https://aws.amazon.com/about-aws/whats-new/2020/07/amazon-vpc-resources-support-tag-on-create/', recommended_action: 'Modify VPCs and add new tags', apis: ['EC2:describeVpcs'], - realtime_triggers: ['ec2:CreateVpc', 'ec2:AddTags', 'ec2:DeleteTags'], + realtime_triggers: ['ec2:CreateVpc', 'ec2:AddTags', 'ec2:DeleteTags', 'ec2:DeleteVpc'], run: function(cache, settings, callback) { var results = []; 
diff --git a/plugins/aws/ec2/vpcSubnetInstancesPresent.js b/plugins/aws/ec2/vpcSubnetInstancesPresent.js index 375aa27791..549e3b4dbb 100644 --- a/plugins/aws/ec2/vpcSubnetInstancesPresent.js +++ b/plugins/aws/ec2/vpcSubnetInstancesPresent.js @@ -10,7 +10,7 @@ module.exports = { recommended_action: 'Update VPC subnets and attach instances to it or remove the unused VPC subnets', link: 'https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html', apis: ['EC2:describeInstances', 'EC2:describeSubnets'], - realtime_triggers: ['ec2:RunInstance', 'ec2:CreateSubnet', 'ec2:TerminateInstance','ec2:DeleteSubnet'], + realtime_triggers: ['ec2:RunInstances', 'ec2:CreateSubnet', 'ec2:TerminateInstances','ec2:DeleteSubnet'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/vpnGatewayInVpc.js b/plugins/aws/ec2/vpnGatewayInVpc.js index 479e082e30..25bca90846 100644 --- a/plugins/aws/ec2/vpnGatewayInVpc.js +++ b/plugins/aws/ec2/vpnGatewayInVpc.js @@ -11,7 +11,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html', recommended_action: 'Check if virtual private gateways have vpc associated', apis: ['EC2:describeVpnGateways', 'STS:getCallerIdentity'], - realtime_triggers: ['ec2:CreateVpnGateway', 'ec2:AttachVpnGateway', 'ec2:DeattachVpnGateway'], + realtime_triggers: ['ec2:CreateVpnGateway', 'ec2:AttachVpnGateway', 'ec2:DeattachVpnGateway', 'ec2:DeleteVpnGateway'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ec2/vpnTunnelState.js b/plugins/aws/ec2/vpnTunnelState.js index 2c1323fedb..3e46f7ec32 100644 --- a/plugins/aws/ec2/vpnTunnelState.js +++ b/plugins/aws/ec2/vpnTunnelState.js @@ -18,7 +18,7 @@ module.exports = { default: 'false' } }, - realtime_triggers: ['ec2:CreateVpnConnection'], + realtime_triggers: ['ec2:CreateVpnConnection', 'ec2:DeleteVpnConnection'], run: function(cache, settings, callback) { var results = []; 
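Review bot: `ec2:DeattachVpnGateway` in vpnGatewayInVpc is a misspelling that survived this cleanup — the EC2 action is `DetachVpnGateway` — so the check will never re-run when a gateway is detached from its VPC, which is exactly the state `recommended_action` says it looks for. The commit corrects the `RunInstance`/`TerminateInstance` family of typos but not this one. Change the entry to `'ec2:DetachVpnGateway'`.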
diff --git a/plugins/aws/ec2/webTierInstanceIamRole.js b/plugins/aws/ec2/webTierInstanceIamRole.js index 5e26957b3a..4dc84f4d79 100644 --- a/plugins/aws/ec2/webTierInstanceIamRole.js +++ b/plugins/aws/ec2/webTierInstanceIamRole.js @@ -19,7 +19,7 @@ module.exports = { default: '' }, }, - realtime_triggers: ['ec2:RunInstance','ec2:AssociateIamInstanceProfile', 'ec2:DisassociateIamInstanceProfile'], + realtime_triggers: ['ec2:RunInstances','ec2:AssociateIamInstanceProfile', 'ec2:DisassociateIamInstanceProfile', 'ec2:TerminateInstances'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ecr/ecrImageVulnerability.js b/plugins/aws/ecr/ecrImageVulnerability.js index e849d7cd8d..d739668329 100644 --- a/plugins/aws/ecr/ecrImageVulnerability.js +++ b/plugins/aws/ecr/ecrImageVulnerability.js @@ -9,7 +9,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html#scanning-on-push', recommended_action: 'Enable "Scan on Push" for your Amazon ECR repositories.', apis: ['ECR:describeRepositories'], - realtime_triggers: ['ecr:CreateRepository', 'ecr:PutImageScanningConfiguration'], + realtime_triggers: ['ecr:CreateRepository', 'ecr:PutImageScanningConfiguration', 'ecr:DeleteRepository'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ecr/ecrRepositoryEncrypted.js b/plugins/aws/ecr/ecrRepositoryEncrypted.js index ff601925e0..7497e5572f 100644 --- a/plugins/aws/ecr/ecrRepositoryEncrypted.js +++ b/plugins/aws/ecr/ecrRepositoryEncrypted.js @@ -19,7 +19,7 @@ module.exports = { default: 'awscmk' } }, - realtime_triggers: ['ecr:CreateRepository'], + realtime_triggers: ['ecr:CreateRepository', 'ecr:DeleteRepository'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ecr/ecrRepositoryHasTags.js b/plugins/aws/ecr/ecrRepositoryHasTags.js index 124386dcfd..4b2114895a 100644 --- a/plugins/aws/ecr/ecrRepositoryHasTags.js 
+++ b/plugins/aws/ecr/ecrRepositoryHasTags.js @@ -10,7 +10,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr-using-tags.html', recommended_action: 'Modify ECR repository and add tags.', apis: ['ECR:describeRepositories', 'ResourceGroupsTaggingAPI:getResources'], - realtime_triggers: ['ecr:CreateRepository', 'ecr:TagResource', 'ecr:UntagResource'], + realtime_triggers: ['ecr:CreateRepository', 'ecr:TagResource', 'ecr:UntagResource', 'ecr:DeleteRepository'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ecr/ecrRepositoryPolicy.js b/plugins/aws/ecr/ecrRepositoryPolicy.js index b86ee2b11d..28636c742f 100644 --- a/plugins/aws/ecr/ecrRepositoryPolicy.js +++ b/plugins/aws/ecr/ecrRepositoryPolicy.js @@ -24,7 +24,7 @@ module.exports = { default: 'true' } }, - realtime_triggers: ['ecr:CreateRepository', 'ecr:SetRepositoryPolicy'], + realtime_triggers: ['ecr:CreateRepository', 'ecr:SetRepositoryPolicy', 'ecr:DeleteRepository'], run: function(cache, settings, callback) { var config = { diff --git a/plugins/aws/ecr/ecrRepositoryTagImmutability.js b/plugins/aws/ecr/ecrRepositoryTagImmutability.js index ac81cd9708..72aad900ab 100644 --- a/plugins/aws/ecr/ecrRepositoryTagImmutability.js +++ b/plugins/aws/ecr/ecrRepositoryTagImmutability.js @@ -10,7 +10,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-tag-mutability.html', recommended_action: 'Update ECR registry configurations to ensure image tag mutability is set to immutable.', apis: ['ECR:describeRepositories'], - realtime_triggers: ['ecr:CreateRepository', 'ecr:PutImageTagMutability'], + realtime_triggers: ['ecr:CreateRepository', 'ecr:PutImageTagMutability', 'ecr:DeleteRepository'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ecs/ecsClusterActiveService.js b/plugins/aws/ecs/ecsClusterActiveService.js index 04757f8fa7..3f41f72f7b 100644 
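Review bot: ecrRepositoryPolicy's trigger list covers setting a policy but not removing one, yet `ecr:DeleteRepositoryPolicy` changes exactly what this check inspects (a repository without a policy is presumably reported differently — `run` is outside the hunk). Add it alongside the new `ecr:DeleteRepository`: `realtime_triggers: ['ecr:CreateRepository', 'ecr:SetRepositoryPolicy', 'ecr:DeleteRepositoryPolicy', 'ecr:DeleteRepository'],`.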
--- a/plugins/aws/ecs/ecsClusterActiveService.js +++ b/plugins/aws/ecs/ecsClusterActiveService.js @@ -10,7 +10,7 @@ module.exports = { recommended_action: 'Modify Cluster and create new service.', link: 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html', apis: ['ECS:listClusters', 'ECS:describeCluster'], - realtime_triggers: ['ecs:CreateCluster', 'ecs:CreateService', 'ecs:UpdateService', 'ecs:DeleteService'], + realtime_triggers: ['ecs:CreateCluster', 'ecs:CreateService', 'ecs:UpdateService', 'ecs:DeleteService', 'ecs:DeleteCluster'], run: function(cache, settings, callback){ var results = []; diff --git a/plugins/aws/ecs/ecsClusterWithActiveTask.js b/plugins/aws/ecs/ecsClusterWithActiveTask.js index 0c4fb04fc3..9543178e59 100644 --- a/plugins/aws/ecs/ecsClusterWithActiveTask.js +++ b/plugins/aws/ecs/ecsClusterWithActiveTask.js @@ -10,7 +10,7 @@ module.exports = { recommended_action: 'Modify Cluster services and add tasks', link: 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html', apis: ['ECS:listClusters', 'ECS:describeCluster'], - realtime_triggers: ['ecs:CreateCluster', 'ecs:RunTask', 'ecs:StopTask'], + realtime_triggers: ['ecs:CreateCluster', 'ecs:RunTask', 'ecs:StopTask', 'ecs:DeleteCluster'], run: function(cache, settings, callback){ var results = []; diff --git a/plugins/aws/ecs/ecsClustersHaveTags.js b/plugins/aws/ecs/ecsClustersHaveTags.js index 67e4a38c1b..2650669206 100644 --- a/plugins/aws/ecs/ecsClustersHaveTags.js +++ b/plugins/aws/ecs/ecsClustersHaveTags.js 
@@ -10,7 +10,7 @@ module.exports = { link: 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html', recommended_action: 'Modify ECS Cluster and add tags.', apis: ['ECS:listClusters', 'ResourceGroupsTaggingAPI:getResources'], - realtime_triggers: ['ecs:CreateCluster', 'ecs:TagResource', 'ecs:UntagResource'], + realtime_triggers: ['ecs:CreateCluster', 'ecs:TagResource', 'ecs:UntagResource', 'ecs:DeleteCluster'], run: function(cache, settings, callback) { var results = []; diff --git a/plugins/aws/ecs/ecsContainerInsightsEnabled.js b/plugins/aws/ecs/ecsContainerInsightsEnabled.js index 7df5a3ef41..28a849a602 100644 --- a/plugins/aws/ecs/ecsContainerInsightsEnabled.js +++ b/plugins/aws/ecs/ecsContainerInsightsEnabled.js @@ -10,7 +10,7 @@ module.exports = { recommended_action: 'Enabled container insights feature for ECS clusters.', link: 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html', apis: ['ECS:listClusters', 'ECS:describeCluster'], - realtime_triggers: ['ecs:CreateCluster', 'ecs:UpdateClusterSettings'], + realtime_triggers: ['ecs:CreateCluster', 'ecs:UpdateClusterSettings', 'ecs:DeleteCluster'], run: function(cache, settings, callback){ var results = [];
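Review bot: ecsContainerInsightsEnabled triggers on `ecs:UpdateClusterSettings` but not on `ecs:UpdateCluster`, which also accepts a cluster `settings` block and can therefore toggle Container Insights without the former event ever being emitted. If `run` reads the cluster's `settings` from `ECS:describeCluster` (it is outside the hunk), `'ecs:UpdateCluster'` should be added next to `'ecs:UpdateClusterSettings'`.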