TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot:

cloud/aws/acm/acm-cert-renewal-30days.yaml

@@ -11,8 +11,9 @@ info:
     Set up Amazon CloudWatch to monitor ACM certificate expiration and automate renewal notifications or processes.
   reference:
     - https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,acm,aws-cloud-config
-
 variables:
   region: "us-east-1"
 

cloud/aws/acm/acm-cert-renewal-45days.yaml

@@ -11,8 +11,9 @@ info:
     Set up Amazon CloudWatch to monitor ACM certificate expiration and automate renewal notifications or processes.
   reference:
     - https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,acm,aws-cloud-config
-
 variables:
   region: "us-east-1"
 

cloud/aws/acm/acm-cert-validation.yaml

@@ -11,8 +11,9 @@ info:
     Use AWS ACM for certificate provisioning and ensure domain validation steps are correctly followed for each certificate issued or renewed.
   reference:
     - https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,acm,aws-cloud-config
-
 variables:
   region: "us-east-1"
 

cloud/aws/acm/acm-wildcard-cert.yaml

@@ -11,8 +11,9 @@ info:
     Replace wildcard ACM certificates with single domain name certificates for each domain/subdomain within your AWS account. This enhances security by ensuring each domain/subdomain has its own unique private key and certificate.
   reference:
     - https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,acm,aws-cloud-config
-
 variables:
   region: "us-east-1"
 

cloud/aws/aws-code-env.yaml

@@ -7,6 +7,8 @@ info:
     Checks if AWS CLI is set up and all necessary tools are installed on the environment.
   reference:
     - https://aws.amazon.com/cli/
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazone,aws-cloud-config
 
 variables:

cloud/aws/cloudtrail/cloudtrail-data-events.yaml

@@ -11,8 +11,9 @@ info:
     Enable data event logging in CloudTrail for S3 buckets to ensure detailed activity monitoring and logging for better security and compliance.
   reference:
     - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,s3,cloudtrail,aws-cloud-config
-
 variables:
   region: "ap-south-1"
 

cloud/aws/cloudtrail/cloudtrail-disabled.yaml

@@ -11,8 +11,9 @@ info:
     Enable CloudTrail in all AWS regions through the AWS Management Console or CLI to ensure comprehensive activity logging and monitoring.
   reference:
     - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-getting-started.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
-
 variables:
   region: "ap-south-1"
 

cloud/aws/cloudtrail/cloudtrail-dup-logs.yaml

@@ -11,8 +11,9 @@ info:
     Configure only one multi-region trail to log global service events and disable global service logging for all other trails.
   reference:
     - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
-
 variables:
   region: "ap-south-1"
 

cloud/aws/cloudtrail/cloudtrail-global-disabled.yaml

@@ -11,8 +11,9 @@ info:
     Enable global service logging in CloudTrail by creating or updating a trail to include global services. This ensures comprehensive activity monitoring.
   reference:
     - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
-
 variables:
   region: "ap-south-1"
 

cloud/aws/cloudtrail/cloudtrail-integrated-cloudwatch.yaml

@@ -11,8 +11,9 @@ info:
     Enable CloudTrail log file validation and configure CloudWatch Logs to monitor CloudTrail log files. Create CloudWatch Alarms for specific events of interest.
   reference:
     - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,cloudtrail,cloudwatch,aws-cloud-config
-
 variables:
   region: "ap-south-1"
 

cloud/aws/cloudtrail/cloudtrail-log-integrity.yaml

@@ -11,8 +11,9 @@ info:
     Enable log file integrity validation on all CloudTrail trails to ensure the integrity and authenticity of your logs.
   reference:
     - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
-
 variables:
   region: "ap-south-1"
 

cloud/aws/cloudtrail/cloudtrail-logs-not-encrypted.yaml

@@ -11,8 +11,9 @@ info:
     Enable Server-Side Encryption (SSE) for CloudTrail logs using an AWS KMS key through the CloudTrail console or AWS CLI.
   reference:
     - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
-
 variables:
   region: "us-east-1"
 

cloud/aws/cloudtrail/cloudtrail-mfa-delete.yaml

@@ -11,8 +11,9 @@ info:
     Enable MFA Delete on CloudTrail buckets via the S3 console or AWS CLI.
   reference:
     - https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html
+  metadata:
+    max-request: 3
   tags: cloud,devops,aws,amazon,s3,aws-cloud-config
-
 variables:
   region: "ap-south-1"
 

cloud/aws/cloudtrail/cloudtrail-mgmt-events.yaml

@@ -11,9 +11,9 @@ info:
     Enable management event logging in CloudTrail by creating a new trail or updating existing trails to include management events.
   reference:
     - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
-
-
 variables:
   region: "ap-south-1"
 

cloud/aws/cloudtrail/cloudtrail-public-buckets.yaml

@@ -11,8 +11,9 @@ info:
     Restrict S3 bucket access using bucket policies or IAM policies to ensure that CloudTrail logs are not publicly accessible.
   reference:
     - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,s3,aws-cloud-config
-
 variables:
   region: "ap-south-1"
 

cloud/aws/cloudtrail/cloudtrail-s3-bucket-logging.yaml

@@ -11,8 +11,9 @@ info:
     Enable Server Access Logging on the S3 bucket used by CloudTrail. Configure the logging feature to capture all requests made to the CloudTrail bucket.
   reference:
     - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
+  metadata:
+    max-request: 3
   tags: cloud,devops,aws,amazon,s3,cloudtrail,aws-cloud-config
-
 variables:
   region: "ap-south-1"
 

cloud/aws/cloudtrail/s3-object-lock-not-enabled.yaml

@@ -11,8 +11,9 @@ info:
     Enable S3 Object Lock in Governance mode with a retention period that meets your compliance requirements for CloudTrail S3 buckets.
   reference:
     - https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html
+  metadata:
+    max-request: 3
   tags: cloud,devops,aws,amazon,s3,aws-cloud-config
-
 variables:
   region: "ap-south-1"
 

cloud/aws/cloudwatch/cw-alarm-action-set.yaml

@@ -11,8 +11,9 @@ info:
     Configure at least one action for each CloudWatch alarm to ensure timely response to monitored issues.
   reference:
     - https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,cloudwatch,aws-cloud-config
-
 variables:
   region: "us-east-1"
 

cloud/aws/cloudwatch/cw-alarms-actions.yaml

@@ -11,8 +11,9 @@ info:
     Enable actions for each CloudWatch alarm by setting the ActionEnabled parameter to true, allowing for automated responses to alarms.
   reference:
     - https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,cloudwatch,aws-cloud-config
-
 variables:
   region: "us-east-1"
 

cloud/aws/ec2/ec2-imdsv2.yaml

@@ -11,9 +11,9 @@ info:
     Modify the EC2 instance metadata options to set `HttpTokens` to `required`, enforcing the use of IMDSv2. This can be done via the AWS Management Console, CLI, or EC2 API.
   reference:
     - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
-
-
 variables:
   region: "us-east-1"
 

cloud/aws/ec2/ec2-public-ip.yaml

@@ -11,8 +11,9 @@ info:
     Restrict public IP assignment for EC2 instances, particularly for backend instances. Use private IPs and manage access via AWS VPC and security groups.
   reference:
     - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
-
 variables:
   region: "us-east-1"
 

cloud/aws/ec2/ec2-sg-egress-open.yaml

@@ -11,8 +11,9 @@ info:
     Restrict egress traffic in EC2 security groups to only necessary IP addresses and ranges, adhering to the Principle of Least Privilege.
   reference:
     - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html#sg-rules
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
-
 variables:
   region: "us-east-1"
 

cloud/aws/ec2/ec2-sg-ingress.yaml

@@ -11,8 +11,9 @@ info:
     Restrict access to uncommon ports in EC2 security groups, permitting only necessary traffic and implementing stringent access controls.
   reference:
     - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
-
 variables:
   region: "us-east-1"
 

cloud/aws/ec2/publicly-shared-ami.yaml

@@ -11,8 +11,9 @@ info:
     Restrict AMI sharing to specific, trusted AWS accounts and ensure they are not publicly accessible.
   reference:
     - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,ami,aws-cloud-config
-
 variables:
   region: "us-east-1"
 

cloud/aws/ec2/unencrypted-aws-ami.yaml

@@ -11,8 +11,9 @@ info:
     Encrypt your AMIs using AWS managed keys or customer-managed keys in the AWS Key Management Service (KMS) to ensure data security.
   reference:
     - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
-
 variables:
   region: "us-east-1"
 

cloud/aws/iam/iam-full-admin-privileges.yaml

@@ -7,6 +7,8 @@ info:
     Verifies that no Amazon IAM policies grant full administrative privileges, ensuring adherence to the Principle of Least Privilege
   reference:
     - https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy-version.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,iam,aws-cloud-config
 
 flow: |

cloud/aws/iam/iam-key-rotation-90days.yaml

@@ -7,6 +7,8 @@ info:
     Checks if IAM user access keys are rotated every 90 days to minimize accidental exposures and unauthorized access risks
   reference:
     - https://docs.aws.amazon.com/cli/latest/reference/iam/list-access-keys.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,iam,aws-cloud-config
 
 flow: |

cloud/aws/iam/iam-mfa-enable.yaml

@@ -7,6 +7,8 @@ info:
     Verifies that Multi-Factor Authentication (MFA) is enabled for all IAM users with console access in AWS
   reference:
     - https://docs.aws.amazon.com/cli/latest/reference/iam/list-mfa-devices.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,iam,aws-cloud-config
 
 flow: |

cloud/aws/iam/iam-ssh-keys-rotation.yaml

@@ -7,6 +7,8 @@ info:
     Verifies that IAM SSH public keys are rotated every 90 days, enhancing security and preventing unauthorized access to AWS CodeCommit repositories
   reference:
     - https://docs.aws.amazon.com/cli/latest/reference/iam/list-ssh-public-keys.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,iam,ssh,aws-cloud-config
 
 flow: |

cloud/aws/rds/aurora-copy-tags-snap.yaml

@@ -11,8 +11,9 @@ info:
     Enable Copy Tags to Snapshots for Aurora clusters via the AWS Management Console or modify the DB cluster to include this feature using AWS CLI.
   reference:
     - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,aurora,rds,aws-cloud-config
-
 variables:
   region: "ap-northeast-1"
 

cloud/aws/rds/aurora-delete-protect.yaml

@@ -11,8 +11,9 @@ info:
     Enable Deletion Protection by modifying the Aurora cluster settings in the AWS Management Console or via the AWS CLI.
   reference:
     - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBInstanceDeletionProtection.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,aurora,rds,aws-cloud-config
-
 variables:
   region: "ap-northeast-1"
 

cloud/aws/rds/iam-db-auth.yaml

@@ -11,8 +11,9 @@ info:
     Enable IAM Database Authentication for MySQL and PostgreSQL RDS database instances to leverage IAM for secure, token-based access control.
   reference:
     - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,rds,aws-cloud-config
-
 variables:
   region: "ap-northeast-1"
 

cloud/aws/rds/rds-backup-enable.yaml

@@ -11,8 +11,9 @@ info:
     Enable automated backups for RDS instances by setting the backup retention period to a value other than 0.
   reference:
     - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,rds,aws-cloud-config
-
 variables:
   region: "ap-northeast-1"
 

cloud/aws/rds/rds-deletion-protection.yaml

@@ -11,9 +11,9 @@ info:
     Enable Deletion Protection for all Amazon RDS instances via the AWS Management Console or using the AWS CLI.
   reference:
     - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,rds,aws-cloud-config
-
-
 variables:
   region: "ap-northeast-1"
 

cloud/aws/rds/rds-encryption-check.yaml

@@ -11,8 +11,9 @@ info:
     Enable encryption for your Amazon RDS instances by modifying the instance and setting the "Storage Encrypted" option to true. For new instances, enable encryption within the launch wizard.
   reference:
     - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,rds,aws-cloud-config
-
 variables:
   region: "ap-northeast-1"
 

cloud/aws/rds/rds-gp-ssd-usage.yaml

@@ -11,8 +11,9 @@ info:
     Convert RDS instances from Provisioned IOPS to General Purpose SSDs to optimize costs without sacrificing I/O performance for most database workloads.
   reference:
     - https://aws.amazon.com/rds/features/storage/
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,rds,aws-cloud-config
-
 variables:
   region: "ap-northeast-1"
 

cloud/aws/rds/rds-public-snapshot.yaml

@@ -11,8 +11,9 @@ info:
     Modify the snapshot's visibility settings to ensure it is not public, only shared with specific AWS accounts.
   reference:
     - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ShareSnapshot.html
+  metadata:
+    max-request: 2
   tags: cloud,devops,aws,amazon,rds,aws-cloud-config
-
 variables:
   region: "ap-northeast-1"