Fix azuread entraid

compliance/controls/aws/aws_account_alternate_contact_security_registered.yaml

@@ -21,8 +21,8 @@ Query:
     )
     SELECT
       arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN a.partition = 'aws-us-gov' THEN 'info'
         WHEN c.name IS NOT NULL THEN 'ok'

compliance/controls/aws/aws_account_part_of_organizations.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN organization_id IS NOT NULL THEN 'ok'
         ELSE 'alarm'

compliance/controls/aws/aws_acm_certificate_expires_30_days.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       certificate_arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN renewal_eligibility = 'INELIGIBLE' THEN 'skip'
         WHEN DATE(not_after) - DATE(current_date) >= 30 THEN 'ok'

compliance/controls/aws/aws_acm_certificate_no_failed_certificate.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       certificate_arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN status IN ('VALIDATION_TIMED_OUT', 'FAILED') THEN 'alarm'
         ELSE 'ok'

compliance/controls/aws/aws_acm_certificate_no_pending_validation_certificate.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       certificate_arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN status = 'PENDING_VALIDATION' THEN 'info'
         ELSE 'ok'

compliance/controls/aws/aws_acm_certificate_no_wildcard_domain_name.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       certificate_arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN domain_name LIKE '*%' THEN 'alarm'
         ELSE 'ok'

compliance/controls/aws/aws_acm_certificate_not_expired.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       certificate_arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN renewal_eligibility = 'INELIGIBLE' THEN 'skip'
         WHEN DATE(not_after) < (CURRENT_DATE - INTERVAL '1' minute) THEN 'alarm'

compliance/controls/aws/aws_acm_certificate_rsa_key_length_2048_bits_or_greater.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       certificate_arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN NOT key_algorithm LIKE 'RSA-%' THEN 'skip'
         WHEN key_algorithm = 'RSA_1024' THEN 'alarm'

compliance/controls/aws/aws_acm_certificate_transparency_logging_enabled.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       certificate_arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN type = 'IMPORTED' THEN 'skip'
         WHEN certificate_transparency_logging_preference = 'ENABLED' THEN 'ok'

compliance/controls/aws/aws_acmpca_root_certificate_authority_disabled.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN type <> 'ROOT' THEN 'skip'
         WHEN status = 'DISABLED' THEN 'ok'

compliance/controls/aws/aws_api_gateway_method_authorization_type_configured.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       resource_id AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN authorization_type = 'NONE' THEN 'alarm'
         ELSE 'ok'

compliance/controls/aws/aws_api_gateway_method_request_parameter_validated.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       resource_id AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN request_validator_id IS NULL THEN 'alarm'
         ELSE 'ok'

compliance/controls/aws/aws_api_gateway_rest_api_public_endpoint_with_authorizer.yaml

@@ -12,8 +12,8 @@ Query:
   QueryToExecute: |
     SELECT
       'arn:' || p.partition || ':apigateway:' || p.region || '::/apis/' || p.api_id AS resource,
-      p.og_account_id AS og_account_id,
-      p.og_resource_id AS og_resource_id,
+      p.platform_account_id AS platform_account_id,
+      p.platform_resource_id AS platform_resource_id,
       CASE
         WHEN NOT (endpoint_configuration_types ? 'PRIVATE')
         AND (a.provider_arns IS NOT NULL AND jsonb_array_length(a.provider_arns) > 0)

compliance/controls/aws/aws_api_gatewayv2_route_authorization_type_configured.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       'arn:' || partition || ':apigateway:' || region || '::/apis/' || api_id || '/routes/' || route_id AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN authorization_type IS NULL THEN 'alarm'
         ELSE 'ok'

compliance/controls/aws/aws_api_gatewayv2_route_authorizer_configured.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       'arn:' || partition || ':apigateway:' || region || '::/apis/' || api_id || '/routes/' || route_id AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN authorizer_id IS NULL THEN 'alarm'
         ELSE 'ok'

compliance/controls/aws/aws_apigateway_rest_api_authorizers_configured.yaml

@@ -12,8 +12,8 @@ Query:
   QueryToExecute: |
     SELECT
       p.name AS resource,
-      p.og_account_id AS og_account_id,
-      p.og_resource_id AS og_resource_id,
+      p.platform_account_id AS platform_account_id,
+      p.platform_resource_id AS platform_resource_id,
       CASE
         WHEN jsonb_array_length(a.provider_arns) > 0 THEN 'ok'
         ELSE 'alarm'

compliance/controls/aws/aws_apigateway_rest_api_endpoint_restrict_public_access.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       'arn:' || partition || ':apigateway:' || region || '::/apis/' || api_id AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN endpoint_configuration_types ? 'PRIVATE' THEN 'ok'
         ELSE 'alarm'

compliance/controls/aws/aws_apigateway_rest_api_stage_use_ssl_certificate.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN client_certificate_id IS NULL THEN 'alarm'
         ELSE 'ok'

compliance/controls/aws/aws_apigateway_rest_api_stage_xray_tracing_enabled.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN tracing_enabled THEN 'ok'
         ELSE 'alarm'

compliance/controls/aws/aws_apigateway_stage_cache_encryption_at_rest_enabled.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       'arn:' || partition || ':apigateway:' || region || '::/apis/' || rest_api_id || '/stages/' || name AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN method_settings -> '*/*' ->> 'CachingEnabled' = 'true'
           AND method_settings -> '*/*' ->> 'CacheDataEncrypted' = 'true'

compliance/controls/aws/aws_apigateway_stage_logging_enabled.yaml

@@ -19,9 +19,9 @@ Query:
         region,
         account_id,
         tags,
-        og_account_id AS og_account_id,
-        og_resource_id AS og_resource_id,
-        'aws_api_gateway_stage' AS og_table_name,
+        platform_account_id AS platform_account_id,
+        platform_resource_id AS platform_resource_id,
+        'aws_api_gateway_stage' AS platform_table_name,
         _ctx
       FROM
         aws_api_gateway_stage
@@ -34,18 +34,18 @@ Query:
         region,
         account_id,
         tags,
-        og_account_id AS og_account_id,
-        og_resource_id AS og_resource_id,
-        'aws_api_gatewayv2_stage' AS og_table_name,
+        platform_account_id AS platform_account_id,
+        platform_resource_id AS platform_resource_id,
+        'aws_api_gatewayv2_stage' AS platform_table_name,
         _ctx
       FROM
         aws_api_gatewayv2_stage
     )
     SELECT
       arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
-      og_table_name AS og_table_name,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
+      platform_table_name AS platform_table_name,
       CASE
         WHEN log_level IS NULL OR log_level = '' OR log_level = 'OFF' THEN 'alarm'
         ELSE 'ok'

compliance/controls/aws/aws_apigateway_stage_use_waf_web_acl.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN web_acl_arn IS NOT NULL THEN 'ok'
         ELSE 'alarm'

compliance/controls/aws/aws_appstream_fleet_default_internet_access_disabled.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN enable_default_internet_access THEN 'alarm'
         ELSE 'ok'

compliance/controls/aws/aws_appstream_fleet_idle_disconnect_timeout_600_seconds.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN idle_disconnect_timeout_in_seconds <= 600 THEN 'ok'
         ELSE 'alarm'

compliance/controls/aws/aws_appstream_fleet_max_user_duration_36000_seconds.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN max_user_duration_in_seconds < 36000 THEN 'ok'
         ELSE 'alarm'

compliance/controls/aws/aws_appstream_fleet_session_disconnect_timeout_300_seconds.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN disconnect_timeout_in_seconds <= 300 THEN 'ok'
         ELSE 'alarm'

compliance/controls/aws/aws_appsync_graphql_api_field_level_logging_enabled.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       name AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN log_config ->> 'FieldLogLevel' IN ('ERROR', 'ALL') THEN 'ok'
         ELSE 'alarm'

compliance/controls/aws/aws_athena_workgroup_encryption_at_rest_enabled.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       name AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN encryption_option IS NOT NULL THEN 'ok'
         ELSE 'alarm'

compliance/controls/aws/aws_athena_workgroup_enforce_configuration_enabled.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       name AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN enforce_workgroup_configuration THEN 'ok'
         ELSE 'alarm'

compliance/controls/aws/aws_autoscaling_ec2_launch_configuration_no_sensitive_data.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       launch_configuration_arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN
           user_data LIKE ANY (ARRAY [ '%pass%', '%secret%', '%token%', '%key%' ])

compliance/controls/aws/aws_autoscaling_group_multiple_az_configured.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       autoscaling_group_arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN jsonb_array_length(availability_zones) > 1 THEN 'ok'
         ELSE 'alarm'

compliance/controls/aws/aws_autoscaling_group_no_suspended_process.yaml

@@ -11,8 +11,8 @@ Query:
   QueryToExecute: |
     SELECT
       autoscaling_group_arn AS resource,
-      og_account_id AS og_account_id,
-      og_resource_id AS og_resource_id,
+      platform_account_id AS platform_account_id,
+      platform_resource_id AS platform_resource_id,
       CASE
         WHEN suspended_processes IS NULL THEN 'ok'
         ELSE 'alarm'

compliance/controls/aws/aws_autoscaling_group_propagate_tags_to_ec2_instance_enabled.yaml

@@ -23,8 +23,8 @@ Query:
     )
     SELECT
       p.autoscaling_group_arn AS resource,
-      p.og_account_id AS og_account_id,
-      p.og_resource_id AS og_resource_id,
+      p.platform_account_id AS platform_account_id,
+      p.platform_resource_id AS platform_resource_id,
       CASE
         WHEN count > 0 THEN 'alarm'
         ELSE 'ok'