fix: update integration test workflows #311

Merged: drduhe merged 1 commit into dev from fix/update-integ-tests on Aug 28, 2025

drduhe (Collaborator) commented Aug 26, 2025

Issue #, if available: n/a

Notes

Problem

Integration tests were failing due to a hardcoded 15-minute timeout, which was insufficient for processing complex NITF files through ML models.

Solution

  • Enhanced Timeout Handling

    • Increased default timeout from 15 to 45 minutes (configurable per test).
    • Centralized DEFAULT_TIMEOUT_MINUTES variable for consistency.
    • Updated GitHub Actions timeouts:
      • Model Runner: 30 minutes
      • Tile Server: 15 minutes
  • Improved Test Reliability & Visibility

    • Refined log filtering with awk for cleaner output.
    • Enhanced error handling for Lambda invocations.
    • Payloads now display actual content instead of temp file paths.
    • More robust temp file handling using mktemp.
  • Other Updates

    • Copyright updated to 2024–2025.

✅ Script now runs without errors and produces clean, focused test results.


Sample Output

==========================================
  Running Tile Server Integration Tests   
==========================================
Invoking the Lambda function 'TSTestRunner' with payload:
Payload: {"image_uri": "s3://osml-test-images-975050113711/small.tif"}
Region: us-west-2

Test Summary
-------------------------------------
Create Viewpoint                  PASSED
Create Viewpoint - Invalid        PASSED
Create Viewpoint - Invalid ID     PASSED
Delete Viewpoint                  PASSED
Delete Viewpoint - Invalid        PASSED
Describe Viewpoint                PASSED
Get Bounds                        PASSED
Get Crop                          PASSED
Get Info                          PASSED
Get Map Tile                      PASSED
Get Map Tileset Metadata          PASSED
Get Map Tilesets                  PASSED
Get Metadata                      PASSED
Get Preview                       PASSED
Get Statistics                    PASSED
Get Statistics - Invalid          PASSED
Get Tile                          PASSED
List Viewpoints                   PASSED
Update Viewpoint                  PASSED
Tests: 19, Passed: 19, Failed: 0, Success: 100.00%
==========================================
       Integration Tests Completed        
==========================================
            All tests passed!             
==========================================

Update NPM dependencies

Updated all npm packages to their latest compatible versions to resolve deprecation warnings and improve security. All dependencies are now current and the project builds successfully.

Testing

Before you submit a pull request, please make sure you have the following:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

github-actions bot (Contributor) commented Aug 26, 2025

Please review the existing CDK-Nag Violations for 60ab5eeb9403da0bec549844976cb628e83dacfa

There are 91 AwsSolutions Violation(s)
Rule ID | Resource ID | Compliance | Exception Reason | Rule Level | Rule Info
AwsSolutions-SNS3 OSML-DataCatalog/DCDataplane/DIOutputTopic/Resource Non-Compliant N/A Error The SNS Topic does not require publishers to use SSL.
AwsSolutions-IAM4 OSML-DataCatalog/DCDataplane/DCLambdaRole/DCLambdaRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM4 OSML-DataCatalog/DCDataplane/DCLambdaRole/DCLambdaRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM5 OSML-DataCatalog/DCDataplane/DCLambdaRole/DCLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-DataCatalog/DCDataplane/DCLambdaRole/DCLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-OS3 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not only grant access via allowlisted IP addresses.
AwsSolutions-OS4 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not use dedicated master nodes.
AwsSolutions-OS5 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain allows for unsigned requests or anonymous access.
AwsSolutions-OS9 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not minimally publish SEARCH_SLOW_LOGS and INDEX_SLOW_LOGS to CloudWatch Logs.
AwsSolutions-OS9 OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not minimally publish SEARCH_SLOW_LOGS and INDEX_SLOW_LOGS to CloudWatch Logs.
AwsSolutions-IAM4 OSML-DataCatalog/AWS679f53fac002430cb0da5b7982bd2287/ServiceRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-SNS3 OSML-DataIntake/DIDataplane/DIInputTopic/Resource Non-Compliant N/A Error The SNS Topic does not require publishers to use SSL.
AwsSolutions-SNS3 OSML-DataIntake/DIDataplane/DIOutputTopic/Resource Non-Compliant N/A Error The SNS Topic does not require publishers to use SSL.
AwsSolutions-IAM4 OSML-DataIntake/DIDataplane/DILambdaRole/DILambdaRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM4 OSML-DataIntake/DIDataplane/DILambdaRole/DILambdaRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM5 OSML-DataIntake/DIDataplane/DILambdaRole/DILambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-DataIntake/DIDataplane/DILambdaRole/DILambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-S1 OSML-DataIntake/DIDataplane/DIInputBucket/DIInputBucket/Resource Non-Compliant N/A Error The S3 Bucket has server access logs disabled.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSTaskRole/MRTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSExecutionRole/MRExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSExecutionRole/MRExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-ModelRunner/MRDataplane/MRECSExecutionRole/MRExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRImageStatusQueue/MRImageStatusQueueDLQ/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRImageStatusQueue/MRImageStatusQueue/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRImageRequestQueue/MRImageRequestQueueDLQ/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRImageRequestQueue/MRImageRequestQueue/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRRegionRequestQueue/MRRegionRequestQueueDLQ/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-ModelRunner/MRDataplane/MRRegionRequestQueue/MRRegionRequestQueue/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-ECS4 OSML-ModelRunner/MRDataplane/MRCluster/Resource Non-Compliant N/A Error The ECS Cluster has CloudWatch Container Insights disabled.
AwsSolutions-ECS2 OSML-ModelRunner/MRDataplane/MRTaskDefinition/Resource Non-Compliant N/A Error The ECS Task Definition includes a container definition that directly specifies environment variables.
AwsSolutions-S1 OSML-ModelRunner/MRDataplane/MRSinkBucket/MRSinkBucket/Resource Non-Compliant N/A Error The S3 Bucket has server access logs disabled.
AwsSolutions-IAM5 OSML-Roles/MESMRole/MESageMakerExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Roles/MESMRole/MESageMakerExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Roles/MESMRole/MESageMakerExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Roles/MESMRole/MESageMakerExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-S1 OSML-Test-Imagery/OSMLTestImagery/OSMLTestImageBucket/OSMLTestImageBucket/Resource Non-Compliant N/A Error The S3 Bucket has server access logs disabled.
AwsSolutions-IAM4 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM4 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/Resource Non-Compliant N/A Error The IAM user, role, or group uses AWS managed policies.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-L1 OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/Resource Non-Compliant N/A Error The non-container Lambda function is not configured to use the latest runtime version.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/MEHTTPEndpointRole/MEHttpPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-ECS4 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPModelCluster/Resource Non-Compliant N/A Error The ECS Cluster has CloudWatch Container Insights disabled.
AwsSolutions-ECS2 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointFargateTaskDefinition/Resource Non-Compliant N/A Error The ECS Task Definition includes a container definition that directly specifies environment variables.
AwsSolutions-IAM5 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointFargateTaskDefinition/ExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-ELB2 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/Resource Non-Compliant N/A Error The ELB does not have access logs enabled.
AwsSolutions-EC23 OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/SecurityGroup/Resource Non-Compliant N/A Error The Security Group allows for 0.0.0.0/0 or ::/0 inbound access.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSLambdaRole/TSLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSLambdaRole/TSLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSLambdaRole/TSLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSLambdaRole/TSLambdaPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-IAM5 OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionPolicy/Resource Non-Compliant N/A Error The IAM entity contains wildcard permissions and does not have a cdk-nag rule suppression with evidence for those permission.
AwsSolutions-SQS4 OSML-TileServer/TSDataplane/TSJobQueue/TSJobQueueDLQ/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-SQS4 OSML-TileServer/TSDataplane/TSJobQueue/TSJobQueue/Resource Non-Compliant N/A Error The SQS queue does not require requests to use SSL.
AwsSolutions-ECS4 OSML-TileServer/TSDataplane/TSCluster/Resource Non-Compliant N/A Error The ECS Cluster has CloudWatch Container Insights disabled.
AwsSolutions-ECS2 OSML-TileServer/TSDataplane/TSTaskDefinition/Resource Non-Compliant N/A Error The ECS Task Definition includes a container definition that directly specifies environment variables.
AwsSolutions-ELB2 OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/Resource Non-Compliant N/A Error The ELB does not have access logs enabled.
AwsSolutions-EC23 OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/SecurityGroup/Resource Non-Compliant N/A Error The Security Group allows for 0.0.0.0/0 or ::/0 inbound access.
AwsSolutions-VPC7 OSML-Vpc/OSMLVpc/OSMLVPC/Resource Non-Compliant N/A Error The VPC does not have an associated Flow Log.
There are 68 NIST.800.53.R5 Violation(s)
Rule ID | Resource ID | Compliance | Exception Reason | Rule Level | Rule Info
NIST.800.53.R5-SNSEncryptedKMS OSML-DataCatalog/DCDataplane/DIOutputTopic/Resource Non-Compliant N/A Error The SNS topic does not have KMS encryption enabled - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1)).
NIST.800.53.R5-OpenSearchErrorLogsToCloudWatch OSML-DataCatalog/DCDataplane/DCOSDomain/Resource Non-Compliant N/A Error The OpenSearch Service domain does not stream error logs (ES_APPLICATION_LOGS) to CloudWatch Logs - (Control ID: AU-10).
NIST.800.53.R5-IAMNoInlinePolicy OSML-DataCatalog/DCDataplane/DCOSDomain/AccessPolicy/CustomResourcePolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-LambdaConcurrency OSML-DataCatalog/DCDataplane/DCStacFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-DataCatalog/DCDataplane/DCStacFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-LambdaConcurrency OSML-DataCatalog/DCDataplane/DCIngestFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-DataCatalog/DCDataplane/DCIngestFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-LambdaConcurrency OSML-DataCatalog/AWS679f53fac002430cb0da5b7982bd2287/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-DataCatalog/AWS679f53fac002430cb0da5b7982bd2287/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-LambdaInsideVPC OSML-DataCatalog/AWS679f53fac002430cb0da5b7982bd2287/Resource Non-Compliant N/A Error The Lambda function is not VPC enabled - (Control IDs: AC-2(6), AC-3, AC-3(7), AC-4(21), AC-6, AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), MP-2, SC-7a, SC-7b, SC-7c, SC-7(2), SC-7(3), SC-7(9)(a), SC-7(11), SC-7(12), SC-7(16), SC-7(20), SC-7(21), SC-7(24)(b), SC-25).
NIST.800.53.R5-SNSEncryptedKMS OSML-DataIntake/DIDataplane/DIInputTopic/Resource Non-Compliant N/A Error The SNS topic does not have KMS encryption enabled - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1)).
NIST.800.53.R5-SNSEncryptedKMS OSML-DataIntake/DIDataplane/DIOutputTopic/Resource Non-Compliant N/A Error The SNS topic does not have KMS encryption enabled - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1)).
NIST.800.53.R5-S3BucketLoggingEnabled OSML-DataIntake/DIDataplane/DIInputBucket/DIInputBucket/Resource Non-Compliant N/A Error The S3 Buckets does not have server access logs enabled - (Control IDs: AC-2(4), AC-3(1), AC-3(10), AC-4(26), AC-6(9), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), CM-6a, CM-9b, IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-1(1)(c), SI-3(8)(b), SI-4(2), SI-4(17), SI-4(20), SI-7(8), SI-10(1)(c)).
NIST.800.53.R5-S3BucketReplicationEnabled OSML-DataIntake/DIDataplane/DIInputBucket/DIInputBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have replication enabled - (Control IDs: AU-9(2), CM-6a, CM-9b, CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-S3BucketVersioningEnabled OSML-DataIntake/DIDataplane/DIInputBucket/DIInputBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have versioning enabled - (Control IDs: AU-9(2), CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), PM-11b, PM-17b, SC-5(2), SC-16(1), SI-1a.2, SI-1a.2, SI-1c.2, SI-13(5)).
NIST.800.53.R5-LambdaConcurrency OSML-DataIntake/DIDataplane/DataIntakeFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-DataIntake/DIDataplane/DataIntakeFunction/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-IAMNoInlinePolicy OSML-ModelRunner/MRDataplane/MRECSExecutionRole/MRExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MROutstandingImageJobsTable/MROutstandingImageJobsTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MRJobStatusTable/MRJobStatusTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MRFeaturesTable/MRFeaturesTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MREndpointProcessingTable/MREndpointProcessingTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-ModelRunner/MRDataplane/MRRegionRequestTable/MRRegionRequestTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-CloudWatchLogGroupEncrypted OSML-ModelRunner/MRDataplane/MRServiceLogGroup/Resource Non-Compliant N/A Error The CloudWatch Log Group is not encrypted with an AWS KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-S3BucketLoggingEnabled OSML-ModelRunner/MRDataplane/MRSinkBucket/MRSinkBucket/Resource Non-Compliant N/A Error The S3 Buckets does not have server access logs enabled - (Control IDs: AC-2(4), AC-3(1), AC-3(10), AC-4(26), AC-6(9), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), CM-6a, CM-9b, IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-1(1)(c), SI-3(8)(b), SI-4(2), SI-4(17), SI-4(20), SI-7(8), SI-10(1)(c)).
NIST.800.53.R5-S3BucketReplicationEnabled OSML-ModelRunner/MRDataplane/MRSinkBucket/MRSinkBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have replication enabled - (Control IDs: AU-9(2), CM-6a, CM-9b, CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-S3BucketVersioningEnabled OSML-ModelRunner/MRDataplane/MRSinkBucket/MRSinkBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have versioning enabled - (Control IDs: AU-9(2), CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), PM-11b, PM-17b, SC-5(2), SC-16(1), SI-1a.2, SI-1a.2, SI-1c.2, SI-13(5)).
NIST.800.53.R5-S3BucketLoggingEnabled OSML-Test-Imagery/OSMLTestImagery/OSMLTestImageBucket/OSMLTestImageBucket/Resource Non-Compliant N/A Error The S3 Buckets does not have server access logs enabled - (Control IDs: AC-2(4), AC-3(1), AC-3(10), AC-4(26), AC-6(9), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), CM-6a, CM-9b, IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-1(1)(c), SI-3(8)(b), SI-4(2), SI-4(17), SI-4(20), SI-7(8), SI-10(1)(c)).
NIST.800.53.R5-S3BucketReplicationEnabled OSML-Test-Imagery/OSMLTestImagery/OSMLTestImageBucket/OSMLTestImageBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have replication enabled - (Control IDs: AU-9(2), CM-6a, CM-9b, CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-S3BucketVersioningEnabled OSML-Test-Imagery/OSMLTestImagery/OSMLTestImageBucket/OSMLTestImageBucket/Resource Non-Compliant N/A Error The S3 Bucket does not have versioning enabled - (Control IDs: AU-9(2), CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), PM-11b, PM-17b, SC-5(2), SC-16(1), SI-1a.2, SI-1a.2, SI-1c.2, SI-13(5)).
NIST.800.53.R5-EFSInBackupPlan OSML-Test-Imagery/OSMLTestImagery/BucketDeploymentEFS-VPC-c8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/Resource Non-Compliant N/A Error The EFS is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-IAMNoInlinePolicy OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/ServiceRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-LambdaConcurrency OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-Test-Imagery/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C10240MiBc8608322c7be1b1d2ec0d0943f387bf840ccfa30d8/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-CloudWatchLogGroupEncrypted OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointServiceLogGroup/Resource Non-Compliant N/A Error The CloudWatch Log Group is not encrypted with an AWS KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-IAMNoInlinePolicy OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointFargateTaskDefinition/ExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-ALBWAFEnabled OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/Resource Non-Compliant N/A Error The ALB is not associated with AWS WAFv2 web ACL - (Control ID: AC-4(21)).
NIST.800.53.R5-ELBDeletionProtectionEnabled OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/Resource Non-Compliant N/A Error The ALB, NLB, or GLB does not have deletion protection enabled - (Control IDs: CA-7(4)(c), CM-2a, CM-2(2), CM-3a, CM-8(6), CP-1a.1(b), CP-1a.2, CP-2a, CP-2a.6, CP-2a.7, CP-2d, CP-2e, CP-2(5), SA-15a.4, SC-5(2), SC-22).
NIST.800.53.R5-ELBLoggingEnabled OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/Resource Non-Compliant N/A Error The ELB does not have logging enabled - (Control IDs: AC-4(26), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-4(17), SI-7(8)).
NIST.800.53.R5-ALBHttpToHttpsRedirection OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/PublicListener/Resource Non-Compliant N/A Error The ALB's HTTP listeners are not configured to redirect to HTTPS - (Control IDs: AC-4, AC-4(22), AC-17(2), AC-24(1), AU-9(3), CA-9b, IA-5(1)(c), PM-17b, SC-7(4)(b), SC-7(4)(g), SC-8, SC-8(1), SC-8(2), SC-8(3), SC-8(4), SC-8(5), SC-13a, SC-23, SI-1a.2, SI-1a.2, SI-1c.2).
NIST.800.53.R5-ELBv2ACMCertificateRequired OSML-Test-ModelEndpoints/MREndpoints/OSMLHTTPCenterPointModelEndpoint/HTTPEndpointService/LB/PublicListener/Resource Non-Compliant N/A Error The ALB, NLB, or GLB listener does not utilize an SSL certificate provided by ACM (Amazon Certificate Manager) - (Control IDs: SC-8(1), SC-23(5)).
NIST.800.53.R5-SageMakerEndpointConfigurationKMSKeyConfigured OSML-Test-ModelEndpoints/MREndpoints/OSMLCenterPointModelEndpoint/OSMLCenterPointModelEndpoint-EndpointConfig Non-Compliant N/A Error The SageMaker resource endpoint is not encrypted with a KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-SageMakerEndpointConfigurationKMSKeyConfigured OSML-Test-ModelEndpoints/MREndpoints/OSMLFloodModelEndpoint/OSMLFloodModelEndpoint-EndpointConfig Non-Compliant N/A Error The SageMaker resource endpoint is not encrypted with a KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-SageMakerEndpointConfigurationKMSKeyConfigured OSML-Test-ModelEndpoints/MREndpoints/OSMLAircraftModelEndpoint/OSMLAircraftModelEndpoint-EndpointConfig Non-Compliant N/A Error The SageMaker resource endpoint is not encrypted with a KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-SageMakerEndpointConfigurationKMSKeyConfigured OSML-Test-ModelEndpoints/MREndpoints/OSMLMultiContainerModelEndpoint/OSMLMultiContainerModelEndpoint-EndpointConfig Non-Compliant N/A Error The SageMaker resource endpoint is not encrypted with a KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-IAMNoInlinePolicy OSML-TileServer/TSDataplane/TSECSTaskRole/TSTaskRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-IAMNoInlinePolicy OSML-TileServer/TSDataplane/TSECSExecutionRole/TSExecutionRole/DefaultPolicy/Resource Non-Compliant N/A Error The IAM Group, User, or Role contains an inline policy - (Control IDs: AC-2i.2, AC-2(1), AC-2(6), AC-3, AC-3(3)(a), AC-3(3)(b)(1), AC-3(3)(b)(2), AC-3(3)(b)(3), AC-3(3)(b)(4), AC-3(3)(b)(5), AC-3(3)(c), AC-3(3), AC-3(4)(a), AC-3(4)(b), AC-3(4)(c), AC-3(4)(d), AC-3(4)(e), AC-3(4), AC-3(7), AC-3(8), AC-3(12)(a), AC-3(13), AC-3(15)(a), AC-3(15)(b), AC-4(28), AC-6, AC-6(3), AC-24, CM-5(1)(a), CM-6a, CM-9b, MP-2, SC-23(3)).
NIST.800.53.R5-DynamoDBInBackupPlan OSML-TileServer/TSDataplane/TSJobTable/TSJobTable/Resource Non-Compliant N/A Error The DynamoDB table is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-CloudWatchLogGroupEncrypted OSML-TileServer/TSDataplane/TSServiceLogGroup/Resource Non-Compliant N/A Error The CloudWatch Log Group is not encrypted with an AWS KMS key - (Control IDs: AU-9(3), CP-9d, SC-8(3), SC-8(4), SC-13a, SC-28(1), SI-19(4)).
NIST.800.53.R5-EFSInBackupPlan OSML-TileServer/TSDataplane/TSEfsFileSystem/Resource Non-Compliant N/A Error The EFS is not in an AWS Backup plan - (Control IDs: CP-1(2), CP-2(5), CP-6a, CP-6(1), CP-6(2), CP-9a, CP-9b, CP-9c, CP-10, CP-10(2), SC-5(2), SI-13(5)).
NIST.800.53.R5-ALBWAFEnabled OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/Resource Non-Compliant N/A Error The ALB is not associated with AWS WAFv2 web ACL - (Control ID: AC-4(21)).
NIST.800.53.R5-ELBDeletionProtectionEnabled OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/Resource Non-Compliant N/A Error The ALB, NLB, or GLB does not have deletion protection enabled - (Control IDs: CA-7(4)(c), CM-2a, CM-2(2), CM-3a, CM-8(6), CP-1a.1(b), CP-1a.2, CP-2a, CP-2a.6, CP-2a.7, CP-2d, CP-2e, CP-2(5), SA-15a.4, SC-5(2), SC-22).
NIST.800.53.R5-ELBLoggingEnabled OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/Resource Non-Compliant N/A Error The ELB does not have logging enabled - (Control IDs: AC-4(26), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-3f, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-10, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SC-7(9)(b), SI-4(17), SI-7(8)).
NIST.800.53.R5-ALBHttpToHttpsRedirection OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/PublicListener/Resource Non-Compliant N/A Error The ALB's HTTP listeners are not configured to redirect to HTTPS - (Control IDs: AC-4, AC-4(22), AC-17(2), AC-24(1), AU-9(3), CA-9b, IA-5(1)(c), PM-17b, SC-7(4)(b), SC-7(4)(g), SC-8, SC-8(1), SC-8(2), SC-8(3), SC-8(4), SC-8(5), SC-13a, SC-23, SI-1a.2, SI-1a.2, SI-1c.2).
NIST.800.53.R5-ELBv2ACMCertificateRequired OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/PublicListener/Resource Non-Compliant N/A Error The ALB, NLB, or GLB listener does not utilize an SSL certificate provided by ACM (Amazon Certificate Manager) - (Control IDs: SC-8(1), SC-23(5)).
NIST.800.53.R5-ALBHttpToHttpsRedirection OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/TSALBListener/Resource Non-Compliant N/A Error The ALB's HTTP listeners are not configured to redirect to HTTPS - (Control IDs: AC-4, AC-4(22), AC-17(2), AC-24(1), AU-9(3), CA-9b, IA-5(1)(c), PM-17b, SC-7(4)(b), SC-7(4)(g), SC-8, SC-8(1), SC-8(2), SC-8(3), SC-8(4), SC-8(5), SC-13a, SC-23, SI-1a.2, SI-1a.2, SI-1c.2).
NIST.800.53.R5-ELBv2ACMCertificateRequired OSML-TileServer/TSDataplane/TSServiceApplicationLoadBalancer/TSALBListener/Resource Non-Compliant N/A Error The ALB, NLB, or GLB listener does not utilize an SSL certificate provided by ACM (Amazon Certificate Manager) - (Control IDs: SC-8(1), SC-23(5)).
NIST.800.53.R5-LambdaConcurrency OSML-TileServer/TSDataplane/TSTestRunner/Resource Non-Compliant N/A Error The Lambda function is not configured with function-level concurrent execution limits - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-6).
NIST.800.53.R5-LambdaDLQ OSML-TileServer/TSDataplane/TSTestRunner/Resource Non-Compliant N/A Error The Lambda function is not configured with a dead-letter configuration - (Control IDs: AU-12(3), AU-14a, AU-14b, CA-2(2), CA-7, CA-7b, PM-14a.1, PM-14b, PM-31, SC-36(1)(a), SI-2a).
NIST.800.53.R5-VPCDefaultSecurityGroupClosed OSML-Vpc/OSMLVpc/OSMLVPC/Resource Non-Compliant N/A Warning The VPC's default security group allows inbound or outbound traffic - (Control IDs: AC-4(21), AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), CM-6a, CM-9b, SC-7a, SC-7c, SC-7(5), SC-7(7), SC-7(11), SC-7(12), SC-7(16), SC-7(21), SC-7(24)(b), SC-7(25), SC-7(26), SC-7(27), SC-7(28)).
NIST.800.53.R5-VPCFlowLogsEnabled OSML-Vpc/OSMLVpc/OSMLVPC/Resource Non-Compliant N/A Error The VPC does not have an associated Flow Log - (Control IDs: AC-4(26), AU-2b, AU-3a, AU-3b, AU-3c, AU-3d, AU-3e, AU-6(3), AU-6(4), AU-6(6), AU-6(9), AU-8b, AU-12a, AU-12c, AU-12(1), AU-12(2), AU-12(3), AU-12(4), AU-14a, AU-14b, AU-14b, AU-14(3), CA-7b, CM-5(1)(b), CM-6a, CM-9b, IA-3(3)(b), MA-4(1)(a), PM-14a.1, PM-14b, PM-31, SI-4(17), SI-7(8)).
NIST.800.53.R5-VPCSubnetAutoAssignPublicIpDisabled OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet1/Subnet Non-Compliant N/A Error The subnet auto-assigns public IP addresses - (Control IDs: AC-2(6), AC-3, AC-3(7), AC-4(21), AC-6, AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), MP-2, SC-7a, SC-7b, SC-7c, SC-7(2), SC-7(3), SC-7(7), SC-7(9)(a), SC-7(11), SC-7(12), SC-7(16), SC-7(20), SC-7(21), SC-7(24)(b), SC-7(25), SC-7(26), SC-7(27), SC-7(28), SC-25).
NIST.800.53.R5-VPCNoUnrestrictedRouteToIGW OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet1/DefaultRoute Non-Compliant N/A Error The route table may contain one or more unrestricted route(s) to an IGW ('0.0.0.0/0' or '::/0') - (Control IDs: AC-4(21), CM-7b).
NIST.800.53.R5-VPCSubnetAutoAssignPublicIpDisabled OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet2/Subnet Non-Compliant N/A Error The subnet auto-assigns public IP addresses - (Control IDs: AC-2(6), AC-3, AC-3(7), AC-4(21), AC-6, AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), MP-2, SC-7a, SC-7b, SC-7c, SC-7(2), SC-7(3), SC-7(7), SC-7(9)(a), SC-7(11), SC-7(12), SC-7(16), SC-7(20), SC-7(21), SC-7(24)(b), SC-7(25), SC-7(26), SC-7(27), SC-7(28), SC-25).
NIST.800.53.R5-VPCNoUnrestrictedRouteToIGW OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet2/DefaultRoute Non-Compliant N/A Error The route table may contain one or more unrestricted route(s) to an IGW ('0.0.0.0/0' or '::/0') - (Control IDs: AC-4(21), CM-7b).
NIST.800.53.R5-VPCSubnetAutoAssignPublicIpDisabled OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet3/Subnet Non-Compliant N/A Error The subnet auto-assigns public IP addresses - (Control IDs: AC-2(6), AC-3, AC-3(7), AC-4(21), AC-6, AC-17b, AC-17(1), AC-17(1), AC-17(4)(a), AC-17(9), AC-17(10), MP-2, SC-7a, SC-7b, SC-7c, SC-7(2), SC-7(3), SC-7(7), SC-7(9)(a), SC-7(11), SC-7(12), SC-7(16), SC-7(20), SC-7(21), SC-7(24)(b), SC-7(25), SC-7(26), SC-7(27), SC-7(28), SC-25).
NIST.800.53.R5-VPCNoUnrestrictedRouteToIGW OSML-Vpc/OSMLVpc/OSMLVPC/OSML-VPC-PublicSubnet3/DefaultRoute Non-Compliant N/A Error The route table may contain one or more unrestricted route(s) to an IGW ('0.0.0.0/0' or '::/0') - (Control IDs: AC-4(21), CM-7b).

@drduhe force-pushed the fix/update-integ-tests branch 2 times, most recently from 28cfe1c to 2a82de0 on August 26, 2025 19:18
@drduhe force-pushed the fix/update-integ-tests branch from 2a82de0 to 60ab5ee on August 27, 2025 18:01
@drduhe merged commit edc3aef into dev on Aug 28, 2025
10 checks passed
@drduhe deleted the fix/update-integ-tests branch on August 28, 2025 21:15