opengovern
diff --git a/‎compliance/controls/aws/aws_cis_v140_1_13.yaml‎
Lines changed: 3 additions & 1 deletion b/‎compliance/controls/aws/aws_cis_v140_1_13.yaml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎compliance/controls/aws/aws_cis_v140_1_17.yaml‎
Lines changed: 6 additions & 2 deletions b/‎compliance/controls/aws/aws_cis_v140_1_17.yaml‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎compliance/controls/aws/aws_cis_v140_1_2.yaml‎
Lines changed: 3 additions & 1 deletion b/‎compliance/controls/aws/aws_cis_v140_1_2.yaml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎compliance/controls/aws/aws_cis_v140_3_3.yaml‎
Lines changed: 8 additions & 4 deletions b/‎compliance/controls/aws/aws_cis_v140_3_3.yaml‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎compliance/controls/aws/aws_cis_v140_3_9.yaml‎
Lines changed: 3 additions & 1 deletion b/‎compliance/controls/aws/aws_cis_v140_3_9.yaml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎compliance/controls/aws/aws_cis_v150_1_13.yaml‎
Lines changed: 3 additions & 1 deletion b/‎compliance/controls/aws/aws_cis_v150_1_13.yaml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎compliance/controls/aws/aws_cis_v150_1_17.yaml‎
Lines changed: 8 additions & 4 deletions b/‎compliance/controls/aws/aws_cis_v150_1_17.yaml‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎compliance/controls/aws/aws_cis_v150_1_2.yaml‎
Lines changed: 3 additions & 1 deletion b/‎compliance/controls/aws/aws_cis_v150_1_2.yaml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎compliance/controls/aws/aws_cis_v150_3_3.yaml‎
Lines changed: 9 additions & 5 deletions b/‎compliance/controls/aws/aws_cis_v150_3_3.yaml‎
Lines changed: 9 additions & 5 deletions
diff --git a/‎compliance/controls/aws/aws_cis_v150_3_9.yaml‎
Lines changed: 3 additions & 1 deletion b/‎compliance/controls/aws/aws_cis_v150_3_9.yaml‎
Lines changed: 3 additions & 1 deletion
@@ -25,7 +25,9 @@ Query:
       u.name,
       u.account_id,
       u.tags,
-      u._ctx;
+      u._ctx,
+      u.kaytu_account_id,
+      u.kaytu_resource_id;
   PrimaryTable: aws_iam_user
   ListOfTables:
   - aws_iam_user
 
@@ -13,7 +13,9 @@ Query:
         'arn:' || a.partition || ':::' || a.account_id as resource,
         count(policy_arn),
         a.account_id,
-        a._ctx
+        a._ctx,
+        a.kaytu_account_id,
+        a.kaytu_resource_id
       from
         aws_account as a
         left join aws_iam_role as r on r.account_id = a.account_id
@@ -24,7 +26,9 @@ Query:
       group by
         a.account_id,
         a.partition,
-        a._ctx
+        a._ctx,
+        a.kaytu_account_id,
+        a.kaytu_resource_id
     )
     select
       resource,
 
@@ -21,7 +21,9 @@ Query:
         partition,
         title,
         account_id,
-        _ctx
+        _ctx,
+        kaytu_account_id as kaytu_account_id,
+        kaytu_resource_id as kaytu_resource_id
       from
         aws_account
     )
 
@@ -16,6 +16,8 @@ Query:
       t.account_id,
       t.tags,
       t._ctx,
+      t.kaytu_account_id,
+      t.kaytu_resource_id,
       count(acl_grant) filter (where acl_grant -> 'Grantee' ->> 'URI' like '%acs.amazonaws.com/groups/global/AllUsers') as all_user_grants,
       count(acl_grant) filter (where acl_grant -> 'Grantee' ->> 'URI' like '%acs.amazonaws.com/groups/global/AuthenticatedUsers') as auth_user_grants,
       count(s) filter (where s ->> 'Effect' = 'Allow' and  p = '*' ) as anon_statements
@@ -31,15 +33,17 @@ Query:
       t.region,
       t.account_id,
       t.tags,
-      t._ctx
+      t._ctx,
+      t.kaytu_account_id,
+      t.kaytu_resource_id
     )
     select
       case
         when arn is null then 'arn:aws:s3::' || name
         else arn
       end as resource,
-      t.kaytu_account_id as kaytu_account_id,
-      t.kaytu_resource_id as kaytu_resource_id,
+      kaytu_account_id as kaytu_account_id,
+      kaytu_resource_id as kaytu_resource_id,
       case
         when arn is null then 'skip'
         when all_user_grants > 0 then 'alarm'
@@ -54,7 +58,7 @@ Query:
         when anon_statements > 0 then name || ' grants access to AWS:*" in bucket policy.'
         else name || ' does not grant anonymous access in ACL or bucket policy.'
       end as reason
-      
+    
     from
       public_bucket_data;
   PrimaryTable: aws_s3_bucket
 
@@ -14,7 +14,9 @@ Query:
         owner_id,
         vpc_id,
         tags,
-        _ctx
+        _ctx,
+        kaytu_account_id,
+        kaytu_resource_id
       from
         aws_vpc
       order by
 
@@ -25,7 +25,9 @@ Query:
       u.name,
       u.account_id,
       u.tags,
-      u._ctx;
+      u._ctx,
+      u.kaytu_account_id,
+      u.kaytu_resource_id;
   PrimaryTable: aws_iam_user
   ListOfTables:
   - aws_iam_user
 
@@ -13,7 +13,9 @@ Query:
         'arn:' || a.partition || ':::' || a.account_id as resource,
         count(policy_arn),
         a.account_id,
-        a._ctx
+        a._ctx,
+        a.kaytu_account_id,
+        a.kaytu_resource_id
       from
         aws_account as a
         left join aws_iam_role as r on r.account_id = a.account_id
@@ -24,12 +26,14 @@ Query:
       group by
         a.account_id,
         a.partition,
-        a._ctx
+        a._ctx,
+        a.kaytu_account_id,
+        a.kaytu_resource_id
     )
     select
       resource,
-      a.kaytu_account_id as kaytu_account_id,
-      a.kaytu_resource_id as kaytu_resource_id,
+      kaytu_account_id as kaytu_account_id,
+      kaytu_resource_id as kaytu_resource_id,
       case
         when count > 0 then 'ok'
         else 'alarm'
 
@@ -21,7 +21,9 @@ Query:
         partition,
         title,
         account_id,
-        _ctx
+        _ctx,
+        kaytu_account_id,
+        kaytu_resource_id
       from
         aws_account
     )
 
@@ -18,7 +18,9 @@ Query:
       t._ctx,
       count(acl_grant) filter (where acl_grant -> 'Grantee' ->> 'URI' like '%acs.amazonaws.com/groups/global/AllUsers') as all_user_grants,
       count(acl_grant) filter (where acl_grant -> 'Grantee' ->> 'URI' like '%acs.amazonaws.com/groups/global/AuthenticatedUsers') as auth_user_grants,
-      count(s) filter (where s ->> 'Effect' = 'Allow' and  p = '*' ) as anon_statements
+      count(s) filter (where s ->> 'Effect' = 'Allow' and  p = '*' ) as anon_statements,
+      t.kaytu_account_id as kaytu_account_id,
+      t.kaytu_resource_id as kaytu_resource_id
     from
       aws_cloudtrail_trail as t
     left join aws_s3_bucket as b on t.s3_bucket_name = b.name
@@ -31,15 +33,17 @@ Query:
       t.region,
       t.account_id,
       t.tags,
-      t._ctx
+      t._ctx,
+      t.kaytu_account_id,
+      t.kaytu_resource_id
     )
     select
       case
         when arn is null then 'arn:aws:s3::' || name
         else arn
       end as resource,
-      t.kaytu_account_id as kaytu_account_id,
-      t.kaytu_resource_id as kaytu_resource_id,
+      kaytu_account_id as kaytu_account_id,
+      kaytu_resource_id as kaytu_resource_id,
       case
         when arn is null then 'skip'
         when all_user_grants > 0 then 'alarm'
@@ -54,7 +58,7 @@ Query:
         when anon_statements > 0 then name || ' grants access to AWS:*" in bucket policy.'
         else name || ' does not grant anonymous access in ACL or bucket policy.'
       end as reason
-      
+    
     from
       public_bucket_data;
   PrimaryTable: aws_s3_bucket
 
@@ -14,7 +14,9 @@ Query:
         owner_id,
         vpc_id,
         tags,
-        _ctx
+        _ctx,
+        kaytu_account_id,
+        kaytu_resource_id
       from
         aws_vpc
       order by