Merged
The diff you're trying to view is too large. We only load the first 3000 changed files.
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks if an AWS Web Services (AWS) account has secur
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
with alternate_security_contact as (
select
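Review bot: Nothing on the Engine line says how a control file still carrying odysseus-v0.0.1 is handled once the identifier becomes CloudQL-v0.0.1, and the same literal is repeated in every file of this change with the v0.0.1 suffix kept. Please confirm the loader either accepts the old name as an alias or fails loudly, so a file missed by the bulk edit is not skipped silently and left unevaluated. While this file is open, the Description in the hunk header reads "AWS Web Services (AWS)"; it should be "Amazon Web Services (AWS)".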
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure that an AWS account is part of AWS Organizations. The rule
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure network integrity is protected by ensuring X509 certificate
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
certificate_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control ensures that ACM certificates are not in failed state
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
certificate_arn as resource,
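Review bot: The QueryToExecute line here uses the `|-` block scalar while the first three files in this change use `|`, so some stored queries end with a trailing newline and others do not. Since every control file is being touched anyway, pick one indicator and normalize it; that keeps any hash or string comparison of the query text stable across controls.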
Expand Up @@ -4,7 +4,7 @@ Description: "This control ensures that ACM certificates are not in pending vali
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
certificate_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure that ACM single domain name certificates are used instead o
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
certificate_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control ensures that all expired ACM certificates are removed
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
certificate_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks whether RSA certificates managed by AWS Certif
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
certificate_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure ACM certificates transparency logging is enabled as certifi
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
certificate_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks if AWS Private CA has a root certificate autho
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks whether API Gateway method has an authorizer c
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
resource_id as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks whether API Gateway method request parameter i
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
resource_id as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure API Gateway REST API public endpoint is configured with aut
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
'arn:' || p.partition || ':apigateway:' || p.region || '::/apis/' || p.api_id as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks if AWS API Gateway routes have an authorizatio
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
'arn:' || partition || ':apigateway:' || region || '::/apis/' || api_id || '/routes/' || route_id as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks whether API Gateway V2 has an authorizer confi
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
'arn:' || partition || ':apigateway:' || region || '::/apis/' || api_id || '/routes/' || route_id as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure API Gateway stages have authorizers configured."
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
p.name as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks whether API Gateway endpoint is public or priv
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
'arn:' || partition || ':apigateway:' || region || '::/apis/' || api_id as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure that a REST API stage uses a Secure Sockets Layer (SSL) cer
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks whether AWS X-Ray active tracing is enabled fo
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "To help protect data at rest, ensure encryption is enabled for you
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
'arn:' || partition || ':apigateway:' || region || '::/apis/' || rest_api_id || '/stages/' || name as resource,
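Review bot: The resource expression on the last context line builds the path as '::/apis/' || rest_api_id || '/stages/' || name, but API Gateway REST API stage ARNs use the /restapis/{id}/stages/{name} form; /apis/ is the HTTP and WebSocket (v2) form. If resource is meant to be the stage's real ARN, change the segment to '::/restapis/' so findings from this control match the same stage in other inventories and policies keyed by ARN.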
Expand Up @@ -4,7 +4,7 @@ Description: "API Gateway logging displays detailed views of users who accessed
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
with all_stages as (
select
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure that an AWS API Gateway API stage is using a WAF Web ACL. T
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Enabling default internet access for AppStream fleet is not recomm
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure session idle disconnect timeout is set to 10 minutes or les
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure user maximum session duration is no longer than 10 hours. A
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "The disconnect timeout in minutes refers to the duration for which
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks whether an AWS AppSync API has field-level log
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
name as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks if an Athena workgroup is encrypted at rest. T
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
name as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks if an Athena workgroup enforces configuration.
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
name as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure that sensitive information is not included in the user data
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
launch_configuration_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks whether an AWS EC2 Auto Scaling group spans mu
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
autoscaling_group_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure that there are no Auto Scaling Groups (ASGs) with suspended
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
select
autoscaling_group_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Tags can help with managing, identifying, organizing, searching fo
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
with propagate_tags_to_ec2_instance as (
select
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks whether an AWS EC2 Auto Scaling group is creat
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
autoscaling_group_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "The Elastic Load Balancer (ELB) health checks for AWS Elastic Comp
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
autoscaling_group_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks the number of network hops that a metadata tok
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
launch_configuration_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure that AWS EC2 Auto Scaling groups have public IP addresses e
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
launch_configuration_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks whether IMDSv2 is enabled on all instances lau
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
launch_configuration_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "This control checks whether an AWS EC2 Auto Scaling group uses mul
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
with autoscaling_groups as (
select
Expand Up @@ -4,7 +4,7 @@ Description: "Checks if a backup plan has a backup rule that satisfies the requi
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
with all_plans as (
select
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure that there exists at least one backup plan in a region. The
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |-
with count_plans as (
select
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure that a recovery point is encrypted. The rule is non-complia
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
recovery_point_arn as resource,
Expand Up @@ -4,7 +4,7 @@ Description: "Checks if a backup vault has an attached resource-based policy whi
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
with recovery_point_manual_deletion_disabled as (
select
Expand Up @@ -4,7 +4,7 @@ Description: "Ensure a recovery point expires no earlier than after the specifie
Connector:
- aws
Query:
Engine: odysseus-v0.0.1
Engine: CloudQL-v0.0.1
QueryToExecute: |
select
recovery_point_arn as resource,