fix: update integration test workflows #307

Closed
drduhe wants to merge 2 commits into dev from fix/update-ts-test-logging

@drduhe (Collaborator) commented Aug 25, 2025

Issue #, if available: n/a

Notes

Problem

Integration tests were failing due to a hardcoded 15-minute timeout, insufficient for processing complex NITF files through ML models.

Solution

  • Enhanced timeout handling: Increased default from 15 to 45 minutes, configurable per test
  • Centralized configuration: Single DEFAULT_TIMEOUT_MINUTES variable (15 min) for all tests
  • GitHub Actions timeouts: Model Runner (30 min), Tile Server (15 min)
  • Improved log filtering with awk for clean test output
  • Enhanced error handling for Lambda invocation
  • Better payload visibility (shows actual content vs temp file paths)
  • Robust temp file handling with mktemp
  • Updated copyright to 2024-2025

Script now runs without errors and provides clean, focused test results.

Sample output:

==========================================
  Running Tile Server Integration Tests   
==========================================
Invoking the Lambda function 'TSTestRunner' with payload:
Payload: {"image_uri": "s3://osml-test-images-975050113711/small.tif"}
Region: us-west-2

Test Summary
-------------------------------------
Create Viewpoint                  PASSED
Create Viewpoint - Invalid        PASSED
Create Viewpoint - Invalid ID     PASSED
Delete Viewpoint                  PASSED
Delete Viewpoint - Invalid        PASSED
Describe Viewpoint                PASSED
Get Bounds                        PASSED
Get Crop                          PASSED
Get Info                          PASSED
Get Map Tile                      PASSED
Get Map Tileset Metadata          PASSED
Get Map Tilesets                  PASSED
Get Metadata                      PASSED
Get Preview                       PASSED
Get Statistics                    PASSED
Get Statistics - Invalid          PASSED
Get Tile                          PASSED
List Viewpoints                   PASSED
Update Viewpoint                  PASSED
Tests: 19, Passed: 19, Failed: 0, Success: 100.00%
==========================================
       Integration Tests Completed        
==========================================
            All tests passed!             
==========================================

Update NPM dependencies

Updated all npm packages to their latest compatible versions to resolve deprecation warnings and improve security. All dependencies are now current and the project builds successfully.

Testing

Before you submit a pull request, please make sure you have the following:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@drduhe drduhe requested a review from a team as a code owner August 25, 2025 16:23
@drduhe drduhe changed the base branch from main to dev August 25, 2025 16:23
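
The handling listed in the PR description above (temp files from mktemp, a Lambda invocation error check, awk log filtering, a per-test timeout), shown as an added example; it is not the script from this PR. The function names, the log layout and the use of the CLI's base64 log tail are assumptions; DEFAULT_TIMEOUT_MINUTES and its value come from the description.

```bash
#!/usr/bin/env bash
# Added example, not the project's script. Function names are hypothetical.

DEFAULT_TIMEOUT_MINUTES=15   # variable name and value as stated in the PR description

# Keep only the summary block of the runner's log: from the "Test Summary"
# line through the "Tests: N, ..." totals line. Assumes those lines start
# at column 0, as in the sample output on this page.
filter_summary() {
  awk '/^Test Summary/,/^Tests: [0-9]+/' "$1"
}

# Inspect the metadata JSON that `aws lambda invoke` writes to stdout.
# A synchronous invoke returns StatusCode 200 even when the function itself
# raised, so the FunctionError field has to be checked separately.
#   0 = clean run, 1 = function error, 2 = empty response, 3 = bad status
check_invoke_meta() {
  meta_file="$1"
  [ -s "$meta_file" ] || { echo "empty invoke response" >&2; return 2; }
  if grep -q '"FunctionError"' "$meta_file"; then
    echo "Lambda reported a function error" >&2
    return 1
  fi
  grep -Eq '"StatusCode": *200' "$meta_file" \
    || { echo "unexpected StatusCode" >&2; return 3; }
}

# Decode the base64 log tail that --log-type Tail adds to the metadata.
decode_log_tail() {
  sed -n 's/.*"LogResult": *"\([^"]*\)".*/\1/p' "$1" | base64 --decode
}

# Invoke a test-runner Lambda and print only its test summary.
# The body runs in a subshell, so the EXIT trap removes the private temp
# directory on every exit path without touching the caller's traps.
run_lambda_test() (
  fn="$1"; payload="$2"; region="$3"
  minutes="${4:-$DEFAULT_TIMEOUT_MINUTES}"

  # mktemp -d gives an unpredictable, owner-only directory for all scratch files.
  workdir="$(mktemp -d)" || exit 2
  trap 'rm -rf "$workdir"' EXIT
  printf '%s' "$payload" > "$workdir/payload.json"

  # Show the payload content itself rather than the temp file path.
  echo "Invoking the Lambda function '$fn' with payload:"
  echo "Payload: $payload"
  echo "Region: $region"

  aws lambda invoke \
    --function-name "$fn" --region "$region" \
    --cli-binary-format raw-in-base64-out \
    --payload "file://$workdir/payload.json" \
    --log-type Tail \
    --cli-read-timeout "$((minutes * 60))" \
    --output json "$workdir/response.json" > "$workdir/meta.json" \
    || { echo "aws lambda invoke failed" >&2; exit 2; }

  # On a function error, surface the error body the Lambda returned.
  check_invoke_meta "$workdir/meta.json" \
    || { rc=$?; cat "$workdir/response.json" >&2; exit "$rc"; }

  decode_log_tail "$workdir/meta.json" > "$workdir/log.txt"
  filter_summary "$workdir/log.txt"
)

# Usage: ./run_test.sh <function-name> '<json-payload>' <region> [timeout-minutes]
if [ "$#" -ge 3 ]; then run_lambda_test "$@"; fi
```
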
github-actions bot (Contributor) commented Aug 25, 2025

Please review the existing CDK-Nag Violations for f2d0b8608b9d27a4a1cd39af9798f0f968192564

There are 91 AwsSolutions Violation(s)
Columns: Rule ID, Resource ID, Compliance, Exception Reason, Rule Level, Rule Info
AwsSolutions-SNS3 OSML-DataCatalog/DCDataplane/DIOutputTopic/Resource Non-Compliant N/A Error The SNS Topic does not require publishers to use SSL.
AwsSolutions-IAM4 OSML-DataCatalog/DCDataplane/DCLambdaRole/DCLambdaRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM4 OSML-DataCatalog/DCDataplane/DCLambdaRole/DCLambdaRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM5 OSML-DataCatalog/DCDataplane/DCLambdaRole/DCLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-DataCatalog/DCDataplane/DCLambdaRole/DCLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-OS3 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not only grant access via allowlisted IP addresses.
AwsSolutions-OS4 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not use dedicated master nodes.
AwsSolutions-OS5 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain allows for unsigned requests or anonymous access.
AwsSolutions-OS9 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not minimally publish SEARCH_SLOW_LOGS and INDEX_SLOW_LOGS to CloudWatch Logs.
AwsSolutions-OS9 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not minimally publish SEARCH_SLOW_LOGS and INDEX_SLOW_LOGS to CloudWatch Logs.
AwsSolutions-IAM4 OSML-DataCatalog/AWS679f53fac002430cb0da5b7982bd2287/ServiceRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-SNS3 OSML-DataIntake/DIDataplane/DIInputTopic/Resource Non-Compliant N/A Error The SNS Topic does not require publishers to use SSL.
AwsSolutions-SNS3 OSML-DataIntake/DIDataplane/DIOutputTopic/Resource Non-Compliant N/A Error The SNS Topic does not require publishers to use SSL.
AwsSolutions-IAM4 OSML-DataIntake/DIDataplane/DILambdaRole/DILambdaRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM4 OSML-DataIntake/DIDataplane/DILambdaRole/DILambdaRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM5 OSML-DataIntake/DIDataplane/DILambdaRole/DILambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-DataIntake/DIDataplane/DILambdaRole/DILambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-S1 OSML-DataIntake/DIDataplane/DIInputBucket/DIInputBucket/Resource Non-Compliant N/A Error The S3 Bucket has server access logs disabled.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSExecutionRole/MRExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSExecutionRole/MRExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSExecutionRole/MRExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRImageStatusQueue/MRImageStatusQueueDLQ/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRImageStatusQueue/MRImageStatusQueue/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRImageRequestQueue/MRImageRequestQueueDLQ/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRImageRequestQueue/MRImageRequestQueue/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRRegionRequestQueue/MRRegionRequestQueueDLQ/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRRegionRequestQueue/MRRegionRequestQueue/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-ECS4 OSML-ModelRunner/MRDataplane/MRCluster/Resource Non-Compliant N/A Error The ECS Cluster has CloudWatch Container Insights disabled.
AwsSolutions-ECS2 OSML-ModelRunner/MRDataplane/MRTaskDefinition/Resource Non-Compliant N/A Error The ECS Task Definition includes a container definition that directly specifies environment variables.
AwsSolutions-S1 OSML-ModelRunner/MRDataplane/MRSinkBucket/MRSinkBucket/Resource Non-Compliant N/A Error The S3 Bucket has server access logs disabled.
AwsSolutions-IAM5 OSML-Roles/MESMRole/MESageMakerExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Roles/MESMRole/MESageMakerExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Roles/MESMRole/MESageMakerExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Roles/MESMRole/MESageMakerExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-S1 OSML-Test-Imagery/OSMLTestImagery/OSMLTestImageBucket/OSMLTestImageBucket/Resource Non-Compliant N/A Error The S3 Bucket has server access logs disabled.
AwsSolutions-IAM4 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM4 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-L1 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/Resource Non-Compliant N/A Error The non-container Lambda function is not configured to use the latest runtime version.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-ECS4 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPModelCluster/Resource Non-Compliant N/A Error The ECS Cluster has CloudWatch Container Insights disabled.
AwsSolutions-ECS2 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointFargateTaskDefinition/Resource Non-Compliant N/A Error The ECS Task Definition includes a container definition that directly specifies environment variables.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointFargateTaskDefinition/ExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-ELB2 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/Resource Non-Compliant N/A Error The ELB does not have access logs enabled.
AwsSolutions-EC23 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/SecurityGroup/Resource Non-Compliant N/A Error The Security Group allows for 0.0.0.0/0 or ::/0 inbound access.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSLambdaRole/TSLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSLambdaRole/TSLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSLambdaRole/TSLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSLambdaRole/TSLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-SQS4 OSML-TileServer/TSDataplane/TSJobQueue/TSJobQueueDLQ/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-TileServer/TSDataplane/TSJobQueue/TSJobQueue/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-ECS4 OSML-TileServer/TSDataplane/TSCluster/Resource Non-Compliant N/A Error The ECS Cluster has CloudWatch Container Insights disabled.
AwsSolutions-ECS2 OSML-TileServer/TSDataplane/TSTaskDefinition/Resource Non-Compliant N/A Error The ECS Task Definition includes a container definition that directly specifies environment variables.
AwsSolutions-ELB2 OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/Resource Non-Compliant N/A Error The ELB does not have access logs enabled.
AwsSolutions-EC23 OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/SecurityGroup/Resource Non-Compliant N/A Error The Security Group allows for 0.0.0.0/0 or ::/0 inbound access.
AwsSolutions-VPC7 OSML-Vpc/OSMLVpc/OSMLVPC/Resource Non-Compliant N/A Error The VPC does not have an associated Flow Log.
There are 68 NIST.800.53.R5 Violation(s)
Columns: Rule ID, Resource ID, Compliance, Exception Reason, Rule Level, Rule Info
NIST.800.53.R5-SNSEncryptedKMS OSML-DataCatalog/DCDataplane/DIOutputTopic/Resource Non-Compliant N/A Error The SNS topic does not have KMS encryption enabled - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1)).
NIST.800.53.R5-OpenSearchErrorLogsToCloudWatch OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not stream error logs (ES_APPLICATION_LOGS) to CloudWatch Logs - (Control ID: AU-10).
NIST.800.53.R5-IAMNoInlinePolicy OSML-DataCatalog/DCDataplane/DCOSDomain/AccessPolicy/CustomResourcePolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-LambdaConcurrency OSML-DataCatalog/DCDataplane/DCStacFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-DataCatalog/DCDataplane/DCStacFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-LambdaConcurrency OSML-DataCatalog/DCDataplane/DCIngestFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-DataCatalog/DCDataplane/DCIngestFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-LambdaConcurrency OSML-DataCatalog/AWS679f53fac002430cb0da5b7982bd2287/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-DataCatalog/AWS679f53fac002430cb0da5b7982bd2287/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-LambdaInsideVPC OSML-DataCatalog/AWS679f53fac002430cb0da5b7982bd2287/Resource Non-Compliant N/A Error The Lambda function is not VPC enabled - (Control IDs: AC-2(6), AC-3, AC-3(7), AC-4(21), AC-6, AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), MP-2, SC-7a, SC-7b, SC-7c, SC-7(2), SC-7(3), SC-7(9)(a), SC-7(11), SC-7(12), SC-7(16), SC-7(20), SC-7(21), SC-7(24)(b), SC-25).
NIST.800.53.R5-SNSEncryptedKMS OSML-DataIntake/DIDataplane/DIInputTopic/Resource Non-Compliant N/A Error The SNS topic does not have KMS encryption enabled - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1)).
NIST.800.53.R5-SNSEncryptedKMS OSML-DataIntake/DIDataplane/DIOutputTopic/Resource Non-Compliant N/A Error The SNS topic does not have KMS encryption enabled - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1)).
NIST.800.53.R5-S3BucketLoggingEnabled OSML-DataIntake/DIDataplane/DIInputBucket/DIInputBucket/Resource Non-Compliant N/A Error The S3 Buckets does not have server access logs enabled - (Control IDs: AC-2(4), AC-3(1), AC-3(10), AC-4(26), AC-6(9), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), CM-6a, CM-9b, IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-1(1)(c), SI-3(8)(b), SI-4(2), SI-4(17), SI-4(20), SI-7(8), SI-10(1)(c)).
NIST.800.53.R5-S3BucketReplicationEnabled OSML-DataIntake/DIDataplane/DIInputBucket/DIInputBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have replication enabled - (Control IDs: AU-9(2), CM-6a, CM-9b, CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-S3BucketVersioningEnabled OSML-DataIntake/DIDataplane/DIInputBucket/DIInputBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have versioning enabled - (Control IDs: AU-9(2), CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), PM-11b, PM-17b, SC-5(2), SC-16(1), SI-1a.2, SI-1a.2, SI-1c.2, SI-13(5)).
NIST.800.53.R5-LambdaConcurrency OSML-DataIntake/DIDataplane/DataIntakeFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-DataIntake/DIDataplane/DataIntakeFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-IAMNoInlinePolicy OSML-ModelRunner/MRDataplane/MRECSExecutionRole/MRExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MROutstandingImageJobsTable/MROutstandingImageJobsTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MRJobStatusTable/MRJobStatusTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MRFeaturesTable/MRFeaturesTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MREndpointProcessingTable/MREndpointProcessingTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MRRegionRequestTable/MRRegionRequestTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-CloudWatchLogGroupEncrypted OSML-ModelRunner/MRDataplane/MRServiceLogGroup/Resource Non-Compliant N/A Error The CloudWatch Log Group is not encrypted with an AWS KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-S3BucketLoggingEnabled OSML-ModelRunner/MRDataplane/MRSinkBucket/MRSinkBucket/Resource Non-Compliant N/A Error The S3 Buckets does not have server access logs enabled - (Control IDs: AC-2(4), AC-3(1), AC-3(10), AC-4(26), AC-6(9), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), CM-6a, CM-9b, IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-1(1)(c), SI-3(8)(b), SI-4(2), SI-4(17), SI-4(20), SI-7(8), SI-10(1)(c)).
NIST.800.53.R5-S3BucketReplicationEnabled OSML-ModelRunner/MRDataplane/MRSinkBucket/MRSinkBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have replication enabled - (Control IDs: AU-9(2), CM-6a, CM-9b, CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-S3BucketVersioningEnabled OSML-ModelRunner/MRDataplane/MRSinkBucket/MRSinkBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have versioning enabled - (Control IDs: AU-9(2), CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), PM-11b, PM-17b, SC-5(2), SC-16(1), SI-1a.2, SI-1a.2, SI-1c.2, SI-13(5)).
NIST.800.53.R5-S3BucketLoggingEnabled OSML-Test-Imagery/OSMLTestImagery/OSMLTestImageBucket/OSMLTestImageBucket/Resource Non-Compliant N/A Error The S3 Buckets does not have server access logs enabled - (Control IDs: AC-2(4), AC-3(1), AC-3(10), AC-4(26), AC-6(9), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), CM-6a, CM-9b, IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-1(1)(c), SI-3(8)(b), SI-4(2), SI-4(17), SI-4(20), SI-7(8), SI-10(1)(c)).
NIST.800.53.R5-S3BucketReplicationEnabled OSML-Test-Imagery/OSMLTestImagery/OSMLTestImageBucket/OSMLTestImageBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have replication enabled - (Control IDs: AU-9(2), CM-6a, CM-9b, CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-S3BucketVersioningEnabled OSML-Test-Imagery/OSMLTestImagery/OSMLTestImageBucket/OSMLTestImageBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have versioning enabled - (Control IDs: AU-9(2), CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), PM-11b, PM-17b, SC-5(2), SC-16(1), SI-1a.2, SI-1a.2, SI-1c.2, SI-13(5)).
NIST.800.53.R5-EFSInBackupPlan OSML-Test-Imagery/OSMLTestImagery/BucketDeploymentEFS-VPC-c8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/Resource Non-Compliant N/A Error The EFS is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-IAMNoInlinePolicy OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-LambdaConcurrency OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-CloudWatchLogGroupEncrypted OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointServiceLogGroup/Resource Non-Compliant N/A Error The CloudWatch Log Group is not encrypted with an AWS KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-IAMNoInlinePolicy OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointFargateTaskDefinition/ExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-ALBWAFEnabled OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/Resource Non-Compliant N/A Error The ALB is not associated with AWS WAFv2 web ACL - (Control ID: AC-4(21)).
NIST.800.53.R5-ELBDeletionProtectionEnabled OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/Resource Non-Compliant N/A Error The ALB, NLB, or GLB does not have deletion protection enabled - (Control IDs: CA-7(4)(c), CM-2a, CM-2(2), CM-3a, CM-8(6), CP-1a.1(b), CP-1a.2, CP-2a, CP-2a.6, CP-2a.7, CP-2d, CP-2e, CP-2(5), SA-15a.4, SC-5(2), SC-22).
NIST.800.53.R5-ELBLoggingEnabled OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/Resource Non-Compliant N/A Error The ELB does not have logging enabled - (Control IDs: AC-4(26), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-4(17), SI-7(8)).
NIST.800.53.R5-ALBHttpToHttpsRedirection OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/PublicListener/Resource Non-Compliant N/A Error The ALB's HTTP listeners are not configured to redirect to HTTPS - (Control IDs: AC-4, AC-4(22), AC-17(2), AC-24(1), AU-9(3), CA-9b, IA-5(1)(c), PM-17b, SC-7(4)(b), SC-7(4)(g), SC-8, SC-8(1), SC-8(2), SC-8(3), SC-8(4), SC-8(5), SC-13a, SC-23, SI-1a.2, SI-1a.2, SI-1c.2).
NIST.800.53.R5-ELBv2ACMCertificateRequired OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/PublicListener/Resource Non-Compliant N/A Error The ALB, NLB, or GLB listener does not utilize an SSL certificate provided by ACM (Amazon Certificate Manager) - (Control IDs: SC-8(1), SC-23(5)).
NIST.800.53.R5-SageMakerEndpointConfigurationKMSKeyConfigured OSML-Test-ModelEndpoints/MREndpoints/OSMLCenterPointModelEndpoint/OSMLCenterPointModelEndpoint-EndpointConfig Non-Compliant N/A Error The SageMaker resource endpoint is not encrypted with a KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-SageMakerEndpointConfigurationKMSKeyConfigured OSML-Test-ModelEndpoints/MREndpoints/OSMLFloodModelEndpoint/OSMLFloodModelEndpoint-EndpointConfig Non-Compliant N/A Error The SageMaker resource endpoint is not encrypted with a KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-SageMakerEndpointConfigurationKMSKeyConfigured OSML-Test-ModelEndpoints/MREndpoints/OSMLAircraftModelEndpoint/OSMLAircraftModelEndpoint-EndpointConfig Non-Compliant N/A Error The SageMaker resource endpoint is not encrypted with a KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-SageMakerEndpointConfigurationKMSKeyConfigured OSML-Test-ModelEndpoints/MREndpoints/OSMLMultiContainerModelEndpoint/OSMLMultiContainerModelEndpoint-EndpointConfig Non-Compliant N/A Error The SageMaker resource endpoint is not encrypted with a KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-IAMNoInlinePolicy OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-IAMNoInlinePolicy OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-TileServer/TSDataplane/TSJobTable/TSJobTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-CloudWatchLogGroupEncrypted OSML-TileServer/TSDataplane/TSServiceLogGroup/Resource Non-Compliant N/A Error The CloudWatch Log Group is not encrypted with an AWS KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-EFSInBackupPlan OSML-TileServer/TSDataplane/TSEfsFileSystem/Resource Non-Compliant N/A Error The EFS is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-ALBWAFEnabled OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/Resource Non-Compliant N/A Error The ALB is not associated with AWS WAFv2 web ACL - (Control ID: AC-4(21)).
NIST.800.53.R5-ELBDeletionProtectionEnabled OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/Resource Non-Compliant N/A Error The ALB, NLB, or GLB does not have deletion protection enabled - (Control IDs: CA-7(4)(c), CM-2a, CM-2(2), CM-3a, CM-8(6), CP-1a.1(b), CP-1a.2, CP-2a, CP-2a.6, CP-2a.7, CP-2d, CP-2e, CP-2(5), SA-15a.4, SC-5(2), SC-22).
NIST.800.53.R5-ELBLoggingEnabled OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/Resource Non-Compliant N/A Error The ELB does not have logging enabled - (Control IDs: AC-4(26), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-4(17), SI-7(8)).
NIST.800.53.R5-ALBHttpToHttpsRedirection OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/PublicListener/Resource Non-Compliant N/A Error The ALB's HTTP listeners are not configured to redirect to HTTPS - (Control IDs: AC-4, AC-4(22), AC-17(2), AC-24(1), AU-9(3), CA-9b, IA-5(1)(c), PM-17b, SC-7(4)(b), SC-7(4)(g), SC-8, SC-8(1), SC-8(2), SC-8(3), SC-8(4), SC-8(5), SC-13a, SC-23, SI-1a.2, SI-1a.2, SI-1c.2).
NIST.800.53.R5-ELBv2ACMCertificateRequired OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/PublicListener/Resource Non-Compliant N/A Error The ALB, NLB, or GLB listener does not utilize an SSL certificate provided by ACM (Amazon Certificate Manager) - (Control IDs: SC-8(1), SC-23(5)).
NIST.800.53.R5-ALBHttpToHttpsRedirection OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/TSALBListener/Resource Non-Compliant N/A Error The ALB's HTTP listeners are not configured to redirect to HTTPS - (Control IDs: AC-4, AC-4(22), AC-17(2), AC-24(1), AU-9(3), CA-9b, IA-5(1)(c), PM-17b, SC-7(4)(b), SC-7(4)(g), SC-8, SC-8(1), SC-8(2), SC-8(3), SC-8(4), SC-8(5), SC-13a, SC-23, SI-1a.2, SI-1a.2, SI-1c.2).
NIST.800.53.R5-ELBv2ACMCertificateRequired OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/TSALBListener/Resource Non-Compliant N/A Error The ALB, NLB, or GLB listener does not utilize an SSL certificate provided by ACM (Amazon Certificate Manager) - (Control IDs: SC-8(1), SC-23(5)).
NIST.800.53.R5-LambdaConcurrency OSML-TileServer/TSDataplane/TSTestRunner/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-TileServer/TSDataplane/TSTestRunner/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-VPCDefaultSecurityGroupClosed OSML-Vpc/OSMLVpc/OSMLVPC/Resource Non-Compliant N/A Warning The VPC's default security group allows inbound or outbound traffic - (Control IDs: AC-4(21), AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), CM-6a, CM-9b, SC-7a, SC-7c, SC-7(5), SC-7(7), SC-7(11), SC-7(12), SC-7(16), SC-7(21), SC-7(24)(b), SC-7(25), SC-7(26), SC-7(27), SC-7(28)).
NIST.800.53.R5-VPCFlowLogsEnabled OSML-Vpc/OSMLVpc/OSMLVPC/Resource Non-Compliant N/A Error The VPC does not have an associated Flow Log - (Control IDs: AC-4(26), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), CM-6a, CM-9b, IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SI-4(17), SI-7(8)).
NIST.800.53.R5-VPCSubnetAutoAssignPublicIpDisabled OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet1/Subnet Non-Compliant N/A Error The subnet auto-assigns public IP addresses - (Control IDs: AC-2(6), AC-3, AC-3(7), AC-4(21), AC-6, AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), MP-2, SC-7a, SC-7b, SC-7c, SC-7(2), SC-7(3), SC-7(7), SC-7(9)(a), SC-7(11), SC-7(12), SC-7(16), SC-7(20), SC-7(21), SC-7(24)(b), SC-7(25), SC-7(26), SC-7(27), SC-7(28), SC-25).
NIST.800.53.R5-VPCNoUnrestrictedRouteToIGW OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet1/DefaultRoute Non-Compliant N/A Error The route table may contain one or more unrestricted route(s) to an IGW ('0.0.0.0/0' or '::/0') - (Control IDs: AC-4(21), CM-7b).
NIST.800.53.R5-VPCSubnetAutoAssignPublicIpDisabled OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet2/Subnet Non-Compliant N/A Error The subnet auto-assigns public IP addresses - (Control IDs: AC-2(6), AC-3, AC-3(7), AC-4(21), AC-6, AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), MP-2, SC-7a, SC-7b, SC-7c, SC-7(2), SC-7(3), SC-7(7), SC-7(9)(a), SC-7(11), SC-7(12), SC-7(16), SC-7(20), SC-7(21), SC-7(24)(b), SC-7(25), SC-7(26), SC-7(27), SC-7(28), SC-25).
NIST.800.53.R5-VPCNoUnrestrictedRouteToIGW OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet2/DefaultRoute Non-Compliant N/A Error The route table may contain one or more unrestricted route(s) to an IGW ('0.0.0.0/0' or '::/0') - (Control IDs: AC-4(21), CM-7b).
NIST.800.53.R5-VPCSubnetAutoAssignPublicIpDisabled OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet3/Subnet Non-Compliant N/A Error The subnet auto-assigns public IP addresses - (Control IDs: AC-2(6), AC-3, AC-3(7), AC-4(21), AC-6, AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), MP-2, SC-7a, SC-7b, SC-7c, SC-7(2), SC-7(3), SC-7(7), SC-7(9)(a), SC-7(11), SC-7(12), SC-7(16), SC-7(20), SC-7(21), SC-7(24)(b), SC-7(25), SC-7(26), SC-7(27), SC-7(28), SC-25).
NIST.800.53.R5-VPCNoUnrestrictedRouteToIGW OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet3/DefaultRoute Non-Compliant N/A Error The route table may contain one or more unrestricted route(s) to an IGW ('0.0.0.0/0' or '::/0') - (Control IDs: AC-4(21), CM-7b).

@drduhe force-pushed the fix/update-ts-test-logging branch 2 times, most recently from 10a788e to 89188d9 (August 25, 2025 16:44)
@drduhe force-pushed the fix/update-ts-test-logging branch from 89188d9 to 02ec9fa (August 25, 2025 17:00)
@drduhe changed the title from "Fix/update ts test logging" to "fix: update TileServer integ test logging" (Aug 26, 2025)
@drduhe changed the title from "fix: update TileServer integ test logging" to "fix: update integration test workflows" (Aug 26, 2025)
@drduhe closed this (Aug 26, 2025)