Description
Currently, 'compliance-trestle' provides excellent tasks for transforming scanner results (like Trivy, OpenSCAP, and Tanium) into OSCAL Assessment Results. However, there doesn't seem to be a native integration for AWS infrastructure compliance data yet.
Many organizations use AWS Config for continuous compliance monitoring (e.g., evaluating S3 encryption, IAM policies, and VPC boundaries). Being able to pipe those native AWS evaluation results directly into the OSCAL ecosystem would be highly valuable for teams managing cloud infrastructure.
I would like to propose adding a new task (e.g., aws-config-to-oscal) under the trestle/tasks/ directory.
The task would:
- Ingest standard AWS Config JSON evaluation output (e.g., extracting ConfigRuleName, ComplianceType like COMPLIANT/NON_COMPLIANT, and ResourceId).
- Map these AWS values to the OSCAL AssessmentResult model using the existing Pydantic framework.
- Output a valid OSCAL Assessment Results JSON/YAML file.
If the maintainers agree this , I would be happy to own the implementation and open a PR. Let me know your thoughts or if you have any specific architectural preferences for cloud-native tasks!
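
The mapping proposed above, as an added example that is not part of the original issue and not trestle's code: it builds the OSCAL structure as plain dicts instead of trestle's Pydantic classes. The `NS` namespace, prop names, `stable_uuid` helper, status mapping, OSCAL version string and sample input are assumptions made for illustration.

```python
import json
import uuid
from datetime import datetime, timezone

# Hypothetical namespace for props and derived UUIDs; not defined by AWS or trestle.
NS = "https://example.org/ns/aws-config"
# Only COMPLIANT maps to pass; missing data must never be reported as compliant.
STATUS = {"COMPLIANT": "pass", "NON_COMPLIANT": "fail",
          "NOT_APPLICABLE": "not-applicable", "INSUFFICIENT_DATA": "error"}
# Constructed sample shaped like `aws configservice get-compliance-details-by-config-rule`.
SAMPLE = json.loads("""{"EvaluationResults": [
 {"EvaluationResultIdentifier": {"EvaluationResultQualifier": {
    "ConfigRuleName": "s3-bucket-server-side-encryption-enabled",
    "ResourceType": "AWS::S3::Bucket", "ResourceId": "example-logs-bucket"}},
  "ComplianceType": "NON_COMPLIANT", "ResultRecordedTime": "2024-01-15T10:30:00+00:00"},
 {"EvaluationResultIdentifier": {"EvaluationResultQualifier": {
    "ConfigRuleName": "iam-password-policy",
    "ResourceType": "AWS::::Account", "ResourceId": "111122223333"}},
  "ComplianceType": "INSUFFICIENT_DATA", "ResultRecordedTime": "2024-01-15T10:31:00+00:00"}]}""")

def stable_uuid(*parts):
    """Derive a repeatable UUID so reruns produce the same observation and subject IDs."""
    return str(uuid.uuid5(uuid.NAMESPACE_URL, "/".join((NS,) + parts)))

def observation(ev):
    q = ev["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
    rule, rtype, rid = q["ConfigRuleName"], q["ResourceType"], q["ResourceId"]
    if ev["ComplianceType"] not in STATUS:
        raise ValueError(f"unknown ComplianceType: {ev['ComplianceType']!r}")
    return {
        "uuid": stable_uuid(rule, rtype, rid), "title": rule,
        "description": f"AWS Config rule {rule} evaluated {rtype} {rid}",
        "methods": ["TEST"], "collected": ev["ResultRecordedTime"],
        "subjects": [{"subject-uuid": stable_uuid(rtype, rid), "type": "resource", "title": rid}],
        "props": [{"name": "result", "ns": NS, "value": STATUS[ev["ComplianceType"]]},
                  {"name": "compliance-type", "ns": NS, "value": ev["ComplianceType"]}],
    }

def to_assessment_results(doc, ap_href="./assessment-plan.json"):
    now = datetime.now(timezone.utc).isoformat()
    result = {"uuid": str(uuid.uuid4()), "title": "AWS Config evaluations",
              "description": "Imported AWS Config rule evaluation results", "start": now,
              "reviewed-controls": {"control-selections": [{}]},
              "observations": [observation(ev) for ev in doc["EvaluationResults"]]}
    return {"assessment-results": {
        "uuid": str(uuid.uuid4()), "import-ap": {"href": ap_href},
        "metadata": {"title": "AWS Config assessment results", "last-modified": now,
                     "version": "0.1.0", "oscal-version": "1.1.2"},
        "results": [result]}}
```

Calling `to_assessment_results(SAMPLE)` returns a dict that can be serialized with `json.dumps`; an unrecognized `ComplianceType` raises instead of defaulting to a passing result.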