feat: multiple cleanups; test framework

Author: acx1729

compliance/frameworks/baseline/reliability/aws_baseline_reliability.yaml

@@ -0,0 +1,16 @@
+ID: aws_baseline_reliability
+Title: "AWS Baseline Reliability"
+Description: "AWS reliability framework focusing on resiliency, failover, and disaster recovery."
+AutoAssign: true
+Children:
+  - aws_baseline_reliability_infrastructure
+  - aws_baseline_reliability_monitoring
+  - aws_baseline_reliability_backup
+Enabled: true
+SectionCode: aws_baseline_reliability
+Tags:
+  baseline_category:
+    - reliability
+  type:
+    - Baseline
+TracksDriftEvents: false

compliance/frameworks/baseline/reliability/aws_baseline_reliability_backup.yaml

@@ -0,0 +1,27 @@
+ID: aws_baseline_reliability_backup
+Title: "AWS Reliability - Backup & Recovery"
+Description: "Ensures backups and recovery systems are in place for AWS services."
+AutoAssign: true
+Controls:
+  - aws_use_aws_backup_service_in_use_for_amazon_rds
+  - aws_rds_automated_backups_enabled
+  - aws_backtrack
+  - aws_aurora_database_instance_accessibility
+  - aws_dynamodb_instances_have_backup_with_lifecyclepolicy_above_35_days
+  - aws_dynamodb_instances_have_backup_withing_48_hours
+  - aws_ebs_instances_have_backup_with_lifecyclepolicy_above_35_days
+  - aws_ebs_instances_have_backup_withing_rpo_period
+  - aws_ec2_instances_have_backup_with_lifecyclepolicy_above_35_days
+  - aws_ec2_instances_have_backup_withing_48_hours
+  - aws_efs_files_have_backup_with_lifecyclepolicy_above_35_days
+  - aws_efs_files_have_backup_withing_48_hours
+  - aws_rds_database_instances_have_a_minimum_acceptable_backup_policy
+  - aws_rds_database_instances_must_have_a_minimum_acceptable_restore_time
+Enabled: true
+SectionCode: aws_baseline_reliability_backup
+Tags:
+  baseline_category:
+    - reliability
+  type:
+    - Baseline
+TracksDriftEvents: false

compliance/frameworks/baseline/reliability/aws_baseline_reliability_infrastructure.yaml

@@ -0,0 +1,24 @@
+ID: aws_baseline_reliability_infrastructure
+Title: "AWS Reliability - Infrastructure"
+Description: "Ensures AWS infrastructure follows best practices for reliability."
+AutoAssign: true
+Controls:
+  - aws_ec2_ami_too_old
+  - aws_disable_public_ip_address_assignment_for_ec2_instances
+  - aws_opensearch_dedicated_master_enabled
+  - aws_opensearch_zone_awareness_enabled
+  - aws_elbv2_alb_minimum_number_of_ec2_target_instances
+  - aws_elbv2_glb_minimum_number_of_ec2_target_instances
+  - aws_ec2_instance_termination_protection
+  - aws_enable_deletion_protection
+  - aws_elb_connection_draining_enabled
+  - aws_elb_cross_zone_load_balancing_enabled
+  - aws_check_for_amazon_ecs_service_placement_strategy
+Enabled: true
+SectionCode: aws_baseline_reliability_infrastructure
+Tags:
+  baseline_category:
+    - reliability
+  type:
+    - Baseline
+TracksDriftEvents: false

compliance/frameworks/baseline/reliability/aws_baseline_reliability_monitoring.yaml

@@ -0,0 +1,19 @@
+ID: aws_baseline_reliability_monitoring
+Title: "AWS Reliability - Monitoring & Alerts"
+Description: "Ensures AWS monitoring systems are in place to detect and respond to reliability events."
+AutoAssign: true
+Controls:
+  - aws_performance_insights
+  - aws_rds_event_notifications
+  - aws_elb_cross_zone_load_balancing_enabled
+  - aws_enable_cloudtrail_logging_for_kubernetes_api_calls
+  - aws_enable_cloudwatch_container_insights
+  - aws_kubernetes_cluster_version
+Enabled: true
+SectionCode: aws_baseline_reliability_monitoring
+Tags:
+  baseline_category:
+    - reliability
+  type:
+    - Baseline
+TracksDriftEvents: false

compliance/frameworks/baseline/reliability/azure_baseline_reliability.yaml

@@ -0,0 +1,16 @@
+ID: azure_baseline_reliability
+Title: "Azure Baseline Reliability"
+Description: "Azure reliability framework focusing on resiliency, failover, and disaster recovery."
+AutoAssign: true
+Children:
+  - azure_baseline_reliability_infrastructure.yaml
+  - azure_baseline_reliability_backup.yaml
+  - azure_baseline_reliability_monitoring
+Enabled: true
+SectionCode: azure_baseline_reliability
+Tags:
+  baseline_category:
+    - reliability
+  type:
+    - Baseline
+TracksDriftEvents: false

compliance/frameworks/baseline/reliability/azure_baseline_reliability_backup.yaml

@@ -0,0 +1,20 @@
+ID: azure_baseline_reliability_backup
+Title: "Azure Reliability - Backup & Recovery"
+Description: "Ensures backups and recovery systems are in place for Azure services."
+AutoAssign: true
+Controls:
+  - azure_recovery_service_vault_alert_for_job_failures_enabled
+  - azure_check_for_sufficient_point_in_time_restore_pitr_backup_retention_period
+  - azure_check_for_sufficient_soft_deleted_data_retention_period
+  - azure_check_for_sufficient_daily_backup_retention_period
+  - azure_check_for_sufficient_instant_restore_retention_period
+  - azure_enable_soft_delete_for_azure_blob_storage
+  - azure_enable_auto_failover_groups
+Enabled: true
+SectionCode: azure_baseline_reliability_backup
+Tags:
+  baseline_category:
+    - reliability
+  type:
+    - Baseline
+TracksDriftEvents: false

compliance/frameworks/baseline/reliability/azure_baseline_reliability_infrastructure.yaml

@@ -0,0 +1,21 @@
+ID: azure_baseline_reliability_infrastructure
+Title: "Azure Reliability - Infrastructure"
+Description: "Ensures Azure infrastructure follows best practices for reliability."
+AutoAssign: true
+Controls:
+  - azure_check_for_kubernetes_version
+  - azure_disable_plain_ftp_deployment
+  - azure_check_for_usage_of_managed_disk_volumes_for_virtual_machines
+  - azure_check_for_automatic_os_upgrades
+  - azure_check_for_automatic_instance_repairs
+  - azure_check_for_instance_termination_notifications_for_virtual_machine_scale_sets
+  - azure_check_for_associated_load_balancers
+  - azure_check_for_guest_level_diagnostics_for_virtual_machines
+Enabled: true
+SectionCode: azure_baseline_reliability_infrastructure
+Tags:
+  baseline_category:
+    - reliability
+  type:
+    - Baseline
+TracksDriftEvents: false

compliance/frameworks/baseline/reliability/azure_baseline_reliability_monitoring.yaml

@@ -0,0 +1,17 @@
+ID: azure_baseline_reliability_monitoring
+Title: "Azure Reliability - Monitoring & Alerts"
+Description: "Ensures Azure monitoring systems are in place to detect and respond to reliability events."
+AutoAssign: true
+Controls:
+  - azure_check_for_configure_health_monitoring
+  - azure_configure_minimum_tls_version
+  - azure_check_for_autoscale_notifications
+  - azure_kubernetes_api_version
+Enabled: true
+SectionCode: azure_baseline_reliability_monitoring
+Tags:
+  baseline_category:
+    - reliability
+  type:
+    - Baseline
+TracksDriftEvents: false

compliance/frameworks/baseline/reliability/root.yaml

@@ -1,71 +1,15 @@
-ID: sre_reliability
-Title: "SRE Reliability"
+ID: baseline_reliability
+Title: "Baseline Reliability"
 Description: "Reliability Framework aligns with SRE principles and the Well-Architected Framework, ensuring systems are resilient, highly available, and capable of recovering swiftly from failures."
 AutoAssign: true
-Children: []
-Controls:
-  #     - aws_rds_db_instance_no_public_subnet
-  - aws_use_aws_backup_service_in_use_for_amazon_rds
-  - aws_rds_automated_backups_enabled
-  - aws_use_io2_not_io1
-  - aws_disable_public_ip_address_assignment_for_ec2_instances
-  - aws_ec2_ami_too_old
-  - aws_opensearch_dedicated_master_enabled
-  - aws_opensearch_zone_awareness_enabled
-  - aws_backtrack
-  - aws_aurora_database_instance_accessibility
-  - aws_enable_serverless_log_exports
-  - aws_performance_insights
-  - aws_rds_event_notifications
-  - aws_rds_multi_az
-  - aws_dynamodb_instances_have_backup_with_lifecyclepolicy_above_35_days
-  - aws_dynamodb_instances_have_backup_withing_48_hours
-  - aws_ebs_instances_have_backup_with_lifecyclepolicy_above_35_days
-  - aws_ebs_instances_have_backup_withing_rpo_period
-  - aws_ec2_instances_have_backup_with_lifecyclepolicy_above_35_days
-  - aws_ec2_instances_have_backup_withing_48_hours
-  - aws_efs_files_have_backup_with_lifecyclepolicy_above_35_days
-  - aws_efs_files_have_backup_withing_48_hours
-  - aws_rds_database_instances_have_a_minimum_acceptable_backup_policy
-  - aws_rds_database_instances_must_have_a_minimum_acceptable_restore_time
-  - aws_expired_ssl_tls_certificate
-  - aws_configure_multiple_availability_zones_for_load_balancers
-  - aws_kubernetes_cluster_version
-  - aws_elbv2_alb_minimum_number_of_ec2_target_instances
-  - aws_elbv2_glb_minimum_number_of_ec2_target_instances
-  - aws_ec2_instance_termination_protection
-  - aws_enable_deletion_protection
-  - aws_elb_connection_draining_enabled
-  - aws_elb_cross_zone_load_balancing_enabled
-  - aws_check_for_amazon_ecs_service_placement_strategy
-  - aws_enable_cloudtrail_logging_for_kubernetes_api_calls
-  - aws_enable_cloudwatch_container_insights
-  - aws_check_for_protected_amazon_backup_resource_types
-  - aws_enable_cross_region_replication
-  - azure_check_for_kubernetes_version
-  - azure_disable_plain_ftp_deployment
-  - azure_check_for_usage_of_managed_disk_volumes_for_virtual_machines
-  - azure_recovery_service_vault_alert_for_job_failures_enabled
-  - azure_check_for_sufficient_point_in_time_restore_pitr_backup_retention_period
-  - azure_configure_minimum_tls_version
-  - azure_check_for_configure_health_monitoring
-  - azure_check_for_automatic_os_upgrades
-  - azure_check_for_automatic_instance_repairs
-  - azure_check_for_instance_termination_notifications_for_virtual_machine_scale_sets
-  - azure_check_for_associated_load_balancers
-  - azure_check_for_guest_level_diagnostics_for_virtual_machines
-  - azure_enable_soft_delete_for_azure_blob_storage
-  - azure_check_for_sufficient_soft_deleted_data_retention_period
-  - azure_check_for_autoscale_notifications
-  - azure_check_for_sufficient_daily_backup_retention_period
-  - azure_check_for_sufficient_instant_restore_retention_period
-  - azure_kubernetes_api_version
-  - azure_enable_auto_failover_groups
+Children:
+  - aws_baseline_reliability
+  - azure_baseline_reliability
 Enabled: true
-SectionCode: sre_reliability
+SectionCode: baseline_reliability
 Tags:
-  score_category:
+  baseline_category:
     - reliability
   type:
-    - SCORE
+    - Baseline
 TracksDriftEvents: false