From 4c7757f553767fece0aa4c53d6036f374a75d53d Mon Sep 17 00:00:00 2001 From: Waldemar Hummer Date: Tue, 9 Nov 2021 21:12:36 +0100 Subject: [PATCH 1/9] Add build targets for moto-ext --- Makefile | 10 +++++++ README.md | 87 ++----------------------------------------------------- setup.cfg | 4 +-- 3 files changed, 14 insertions(+), 87 deletions(-) diff --git a/Makefile b/Makefile index 299fac705636..41868ba87850 100644 --- a/Makefile +++ b/Makefile @@ -41,6 +41,16 @@ test-only: test: lint test-only +terraformtests: + @echo "Make sure that the MotoServer is already running on port 4566 (moto_server -p 4566)" + @echo "USAGE: make terraformtests SERVICE_NAME=acm TEST_NAMES=TestAccACMCertificate" + @echo "" + cd tests/terraformtests && bin/run_go_test $(SERVICE_NAME) "$(TEST_NAMES)" + +publish: + python -m build + twine upload dist/* + test_server: @TEST_SERVER_MODE=true pytest -sv --cov=moto --cov-report xml ./tests/ diff --git a/README.md b/README.md index d28e681600a3..13db57a7863a 100644 --- a/README.md +++ b/README.md 
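Review bot: The new `publish` target uploads `dist/*` without clearing the directory first, so any wheel or sdist left over from an earlier build is uploaded together with the fresh one. Starting the recipe with `rm -rf dist/` and running `twine check dist/*` before `twine upload dist/*` keeps the upload limited to what this build produced. In `terraformtests`, `$(SERVICE_NAME)` is passed unquoted while `"$(TEST_NAMES)"` is quoted; quoting both would be more consistent.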
@@ -1,86 +1,3 @@ -# Moto - Mock AWS Services +# moto-ext -[![Join the chat at https://gitter.im/awsmoto/Lobby](https://badges.gitter.im/awsmoto/Lobby.svg)](https://gitter.im/awsmoto/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) - -[![Build Status](https://github.com/getmoto/moto/workflows/TestNDeploy/badge.svg)](https://github.com/getmoto/moto/actions) -[![Coverage Status](https://codecov.io/gh/getmoto/moto/branch/master/graph/badge.svg)](https://codecov.io/gh/getmoto/moto) -[![Docs](https://readthedocs.org/projects/pip/badge/?version=stable)](http://docs.getmoto.org) -[![PyPI](https://img.shields.io/pypi/v/moto.svg)](https://pypi.org/project/moto/) -[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/moto.svg)](#) -[![PyPI - Downloads](https://img.shields.io/pypi/dw/moto.svg)](https://pypistats.org/packages/moto) -[![Code style: Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff) -[![Financial Contributors](https://opencollective.com/moto/tiers/badge.svg)](https://opencollective.com/moto) - - -## Install - -```console -$ pip install 'moto[ec2,s3,all]' -``` - -## In a nutshell - - -Moto is a library that allows your tests to easily mock out AWS Services. - -Imagine you have the following python code that you want to test: - -```python -import boto3 - - -class MyModel: - def __init__(self, name, value): - self.name = name - self.value = value - - def save(self): - s3 = boto3.client("s3", region_name="us-east-1") - s3.put_object(Bucket="mybucket", Key=self.name, Body=self.value) -``` - -Take a minute to think how you would have tested that in the past. 
- -Now see how you could test it with Moto: - -```python -import boto3 -from moto import mock_aws -from mymodule import MyModel - - -@mock_aws -def test_my_model_save(): - conn = boto3.resource("s3", region_name="us-east-1") - # We need to create the bucket since this is all in Moto's 'virtual' AWS account - conn.create_bucket(Bucket="mybucket") - model_instance = MyModel("steve", "is awesome") - model_instance.save() - body = conn.Object("mybucket", "steve").get()["Body"].read().decode("utf-8") - assert body == "is awesome" -``` - -With the decorator wrapping the test, all the calls to s3 are automatically mocked out. The mock keeps track of the state of the buckets and keys. - -For a full list of which services and features are covered, please see our [implementation coverage](https://github.com/getmoto/moto/blob/master/IMPLEMENTATION_COVERAGE.md). - - -### Documentation -The full documentation can be found here: - -[http://docs.getmoto.org/en/latest/](http://docs.getmoto.org/en/latest/) - - -### Financial Contributions -Support this project and its continued development, by sponsoring us! - -Click the `Sponsor`-button at the top of the page for more information. - -Our finances are managed by OpenCollective, which means you have full visibility into all our contributions and expenses: -https://opencollective.com/moto - -### Security contact information - -To report a security vulnerability, please use the -[Tidelift security contact](https://tidelift.com/security). -Tidelift will coordinate the fix and disclosure. +Fork of [Moto](https://github.com/getmoto/moto) with patches and fixes for [LocalStack](https://github.com/localstack/localstack). diff --git a/setup.cfg b/setup.cfg index c64bf51805f9..130068c2fdd2 100644 --- a/setup.cfg +++ b/setup.cfg 
@@ -1,12 +1,12 @@ [metadata] -name = moto +name = moto-ext version = 5.1.21.dev description = A library that allows you to easily mock out tests based on AWS infrastructure long_description = file:README.md long_description_content_type = text/markdown author = Steve Pulec author_email = spulec@gmail.com -url = https://github.com/getmoto/moto +url = https://github.com/localstack/moto license = Apache-2.0 test_suite = tests classifiers = From 0b35f6a6fc86f17f1f0eb4094b413c5fabd543aa Mon Sep 17 00:00:00 2001 From: Ben Simon Hartung <42031100+bentsku@users.noreply.github.com> Date: Mon, 9 Jan 2023 18:07:49 +0100 Subject: [PATCH 2/9] remove double CI runs for every pull request (#66) --- .github/workflows/build.yml | 8 +++++++- .github/workflows/dockertests.yml | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 27e4de56157a..b7721b70dc6d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,6 +1,12 @@ name: TestNDeploy -on: [push, pull_request] +on: + push: + paths-ignore: + - 'README.md' + branches: + - localstack + pull_request: jobs: cache: diff --git a/.github/workflows/dockertests.yml b/.github/workflows/dockertests.yml index 94ffb9ea0982..af70bcdc9613 100644 --- a/.github/workflows/dockertests.yml +++ b/.github/workflows/dockertests.yml @@ -1,6 +1,12 @@ name: DockerTests -on: [push, pull_request] +on: + push: + paths-ignore: + - 'README.md' + branches: + - localstack + pull_request: jobs: cache: From c3da126bba56e588c1da6b0f5cc6dca073192d3a Mon Sep 17 00:00:00 2001 
From: Max Date: Tue, 27 Aug 2024 12:36:48 +0200 Subject: [PATCH 3/9] SSM: add gov cloud (#74) --- .../us-gov-east-1.json | 191 +++++++++++++++ .../us-gov-west-1.json | 227 ++++++++++++++++++ tests/test_ssm/test_ssm_default_amis.py | 15 +- tests/test_ssm/test_ssm_parameterstore.py | 16 ++ 4 files changed, 446 insertions(+), 3 deletions(-) create mode 100644 moto/ssm/resources/ami-amazon-linux-latest/us-gov-east-1.json create mode 100644 moto/ssm/resources/ami-amazon-linux-latest/us-gov-west-1.json diff --git a/moto/ssm/resources/ami-amazon-linux-latest/us-gov-east-1.json b/moto/ssm/resources/ami-amazon-linux-latest/us-gov-east-1.json new file mode 100644 index 000000000000..abf14dfcb2a8 --- /dev/null +++ b/moto/ssm/resources/ami-amazon-linux-latest/us-gov-east-1.json 
@@ -0,0 +1,191 @@ +[ + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64", + "DataType": "text", + "LastModifiedDate": 1721692759.417, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64", + "Type": "String", + "Value": "ami-0388cfad0bfbabb99", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64", + "DataType": "text", + "LastModifiedDate": 1721692760.492, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64", + "Type": "String", + "Value": "ami-045a9bf9ced62bc2f", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692760.222, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64", + "Type": "String", + "Value": "ami-0dbef5e1adb6e1abf", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64", + "DataType": "text", + "LastModifiedDate": 1721692760.983, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64", + "Type": "String", + "Value": "ami-06cfed33cc8526f2d", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012167.998, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3", + "Type": "String", + "Value": "ami-0a4c808d4c1a4bd8b", + "Version": 67 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697389.518, + "Name": 
"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2", + "Type": "String", + "Value": "ami-0ad9a80ec3dceacee", + "Version": 85 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697389.822, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0aeefe7aca43006af", + "Version": 114 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697390.713, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0dbbc1ffd92e9dc3a", + "Version": 73 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697391.321, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs", + "Type": "String", + "Value": "ami-0f679fed2d6731f5e", + "Version": 85 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697391.614, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-00cedd6af9996d4d7", + "Version": 114 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692759.694, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64", + "Type": "String", + "Value": "ami-0a5db8fbece0eb74b", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64", 
+ "DataType": "text", + "LastModifiedDate": 1721692760.743, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64", + "Type": "String", + "Value": "ami-0de91fdcfc8d9f74e", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64", + "DataType": "text", + "LastModifiedDate": 1721692759.96, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64", + "Type": "String", + "Value": "ami-0cbbefdbb400bc3fa", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692761.237, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64", + "Type": "String", + "Value": "ami-02225bbcc9e4f69ec", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012167.223, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0eabcdae6cabf6e70", + "Version": 67 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012167.616, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3", + "Type": "String", + "Value": "ami-0654bf9da906daf8b", + "Version": 67 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012167.808, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0aea210be1a75b94e", + "Version": 67 + }, + { + "ARN": 
"arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697390.123, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-01abf14eabdf9aade", + "Version": 114 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697390.421, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2", + "Type": "String", + "Value": "ami-0cf49cd7abf721d78", + "Version": 73 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697391.015, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-0db1e2b6da3a4ef84", + "Version": 73 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1703012167.428, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-0a80c906edacd0e8b", + "Version": 67 + } +] \ No newline at end of file diff --git a/moto/ssm/resources/ami-amazon-linux-latest/us-gov-west-1.json b/moto/ssm/resources/ami-amazon-linux-latest/us-gov-west-1.json new file mode 100644 index 000000000000..9508646e0ba7 --- /dev/null +++ b/moto/ssm/resources/ami-amazon-linux-latest/us-gov-west-1.json 
@@ -0,0 +1,227 @@ +[ + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64", + "DataType": "text", + "LastModifiedDate": 1721692762.09, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64", + "Type": "String", + "Value": "ami-011efb3cb2db23315", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64", + "DataType": "text", + "LastModifiedDate": 1721692762.569, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64", + "Type": "String", + "Value": "ami-019ee724f2be51720", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692762.461, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64", + "Type": "String", + "Value": "ami-0c74a4baed89bc2c8", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64", + "DataType": "text", + "LastModifiedDate": 1721692762.795, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64", + "Type": "String", + "Value": "ami-01bdd33fcf8c3faaf", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012169.012, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3", + "Type": "String", + "Value": "ami-0bb609de40cb15fb0", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012169.337, + "Name": 
"/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-s3", + "Type": "String", + "Value": "ami-0cdbe7f8dcc75fb7c", + "Version": 68 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697392.494, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2", + "Type": "String", + "Value": "ami-0fccef3543f16dd9b", + "Version": 85 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697392.632, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0eea2ae1689e53bef", + "Version": 119 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697392.995, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-06ba9aacc2eed0ff5", + "Version": 74 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697393.216, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs", + "Type": "String", + "Value": "ami-0549b0e03a35cad47", + "Version": 85 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692762.894, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64", + "Type": "String", + "Value": "ami-03e7ac6ecae00de4c", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs", + 
"DataType": "text", + "LastModifiedDate": 1703012168.667, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-034c73ffbb74bb99c", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012168.841, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3", + "Type": "String", + "Value": "ami-08cdd8d24cc1709c7", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012168.934, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-00eea1719b6aae09e", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012169.106, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-ebs", + "Type": "String", + "Value": "ami-0e3c8ed0bf77adcff", + "Version": 68 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012169.187, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-s3", + "Type": "String", + "Value": "ami-07aeb19a8d919da02", + "Version": 68 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012169.262, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-ebs", + "Type": "String", + "Value": "ami-0eb0af607aabfafff", + "Version": 68 + }, + { + "ARN": 
"arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697392.88, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2", + "Type": "String", + "Value": "ami-0c2ed33fcbcc83ebe", + "Version": 74 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697393.114, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-0e7f6bd7808f3f95f", + "Version": 74 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697393.321, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-05eb4d4349faed35c", + "Version": 119 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692762.216, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64", + "Type": "String", + "Value": "ami-0813aacedccabaaad", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692762.685, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64", + "Type": "String", + "Value": "ami-0f8c631fccd898fcc", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64", + "DataType": "text", + "LastModifiedDate": 1721692762.348, + "Name": 
"/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64", + "Type": "String", + "Value": "ami-0b2a6da8cb6b500ff", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1703012168.758, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-0cfb8ee4baf66e51e", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697392.767, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-03ebdb8bd059274a1", + "Version": 119 + } +] \ No newline at end of file diff --git a/tests/test_ssm/test_ssm_default_amis.py b/tests/test_ssm/test_ssm_default_amis.py index a3c286590dcc..419a49c42c6a 100644 --- a/tests/test_ssm/test_ssm_default_amis.py +++ b/tests/test_ssm/test_ssm_default_amis.py @@ -1,4 +1,5 @@ import boto3 +import pytest from moto import mock_aws @@ -6,8 +7,16 @@ @mock_aws -def test_ssm_get_latest_ami_by_path(): - client = boto3.client("ssm", region_name="us-west-1") +@pytest.mark.parametrize( + "partition,region", + [ + ("aws", "us-west-1"), + ("aws-us-gov", "us-gov-east-1"), + ("aws-us-gov", "us-gov-west-1"), + ], +) +def test_ssm_get_latest_ami_by_path(partition, region): + client = boto3.client("ssm", region_name=region) path = "/aws/service/ami-amazon-linux-latest" params = client.get_parameters_by_path(Path=path)["Parameters"] assert len(params) == 10 @@ -17,7 +26,7 @@ def test_ssm_get_latest_ami_by_path(): ) assert all(p["Type"] == "String" for p in params) assert all(p["DataType"] == "text" for p in params) - assert all(p["ARN"].startswith("arn:aws:ssm:us-west-1") for p in params) + assert all(p["ARN"].startswith(f"arn:{partition}:ssm:{region}") for p in params) @mock_aws 
diff --git a/tests/test_ssm/test_ssm_parameterstore.py b/tests/test_ssm/test_ssm_parameterstore.py index 1d0ebf01cd3f..77ff65a4e905 100644 --- a/tests/test_ssm/test_ssm_parameterstore.py +++ b/tests/test_ssm/test_ssm_parameterstore.py @@ -1,3 +1,5 @@ +import pytest + from moto.ssm.models import ParameterDict @@ -83,3 +85,17 @@ def test_ssm_parameter_from_unknown_region(): "/aws/service/ami-amazon-linux-latest", recursive=False ) ) + + +@pytest.mark.parametrize("region", ["us-gov-east-1", "us-gov-west-1"]) +def test_ssm_parameter_from_gov_cloud_east_region(region): + store = ParameterDict("000000000000", region) + keys = list( + store.get_keys_beginning_with( + "/aws/service/ami-amazon-linux-latest", recursive=False + ) + ) + for key in keys: + ssm_parameter = store.get(key)[0] + ami = ssm_parameter.value + assert ami.startswith("ami-") From d1ef2fa8b3beaedc9260a8d475a1ee94b1298f7a Mon Sep 17 00:00:00 2001 From: Alex Rashed <2796604+alexrashed@users.noreply.github.com> Date: Mon, 15 Sep 2025 13:15:16 +0200 Subject: [PATCH 4/9] add CI workflow to sync, build, publish, release moto-ext (#78,#79) --- .github/workflows/ci.yml | 195 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 195 insertions(+) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000000..6771dad334dd --- /dev/null +++ b/.github/workflows/ci.yml 
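Review bot: `test_ssm_parameter_from_gov_cloud_east_region` passes vacuously when `keys` is empty, because its only assertion sits inside `for key in keys:`; if the gov-cloud resource files were not loaded, the test would still be green. Add `assert keys` before the loop. The name also says `east` although the test is parametrized over both `us-gov-east-1` and `us-gov-west-1`; `test_ssm_parameter_from_gov_cloud_region` would match what it covers.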
@@ -0,0 +1,195 @@ +# LocalStack specific workflow to implement a fully-integrated continuous integration pipeline for our fork +# - Rebase this fork based on the latest commit on `main` of upstream +# - Build a Python source and wheel distribution of moto-ext with deterministic versioning +# - Publish the distributions to PyPi +# - Tag the commit in this fork with the new version +# - Create a GitHub release for the new version + +name: Sync / Release moto-ext + +on: + schedule: + - cron: 0 5 * * MON + workflow_dispatch: + inputs: + dry_run: + description: 'Dry Run?' + default: true + required: true + type: boolean + +# limit concurrency to 1 +concurrency: + group: ${{ github.workflow }} + +jobs: + sync-build-release-moto-ext: + runs-on: ubuntu-latest + environment: + name: pypi + url: https://pypi.org/project/moto-ext/ + permissions: + contents: write + id-token: write + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: localstack + persist-credentials: false + + - name: Setup Python + uses: actions/setup-python@v6 + with: + python-version: '3.13' + + - name: Configure Git + run: | + # Configure git + git config --global user.name 'LocalStack Bot' + git config --global user.email 'localstack-bot@users.noreply.github.com' + git remote set-url origin https://git:${{ secrets.PRO_ACCESS_TOKEN }}@github.com/${{ github.repository }} + + # make sure to switch to the `localstack` branch (default / main branch of this fork) + git switch localstack + # add moto upstream as remote + git remote add upstream https://github.com/getmoto/moto.git + # rebase with latest changes + git pull + + # Create a custom merge driver which prefers everything from upstream _BUT_ the name and the URL + mkdir -p $HOME/.local/bin + cat > $HOME/.local/bin/git-prefer-theirs-name-url << EOF + #!/bin/bash + set -e + + base="\$1" + local="\$2" + remote="\$3" + + echo "Executing custom merge driver for base \$base, local \$local, remote \$remote." 
+ + # Define keys to keep + KEYS=("name" "url") + + # Read files into arrays + mapfile -t REMOTE_LINES < "\$remote" + mapfile -t LOCAL_LINES < "\$local" + + echo "merging \$local + \$local + \$remote ..." + + # Function to check if a line should be kept (matches any key) + keep_line() { + local line="\$1" + for key in "\${KEYS[@]}"; do + [[ "\$line" == *"\$key"* ]] && return 0 + done + return 1 + } + + # keep key-matched lines from local, others from remote + for i in "\${!LOCAL_LINES[@]}"; do + if keep_line "\${REMOTE_LINES[i]}"; then + echo "\${REMOTE_LINES[i]}" + else + echo "\${LOCAL_LINES[i]}" + fi + done > "\$local" + + exit 0 + EOF + + # make the script executable and add it to the PATH + chmod +x $HOME/.local/bin/git-prefer-theirs-name-url + echo "$HOME/.local/bin" >> "$GITHUB_PATH" + + # add the merge driver to the git config + cat >> .git/config << EOF + + [merge "git-prefer-theirs-name-url"] + name = A driver which resolves merge conflicts on a setup.cfg such that it always takes the local name and url, and everything else from upstream + driver = git-prefer-theirs-name-url %O %A %B + EOF + + # define to use the custom merge driver for the setup.cfg + cat > .gitattributes << EOF + setup.cfg merge=git-prefer-theirs-name-url + EOF + + - name: Rebase localstack branch with latest master from upstream + run: | + git fetch upstream + git rebase upstream/master + + - name: Determine new version + run: | + echo "Determining new version..." 
+ cat > setuptools.cfg << EOF + [tool.setuptools_scm] + local_scheme = "no-local-version" + version_scheme = "post-release" + EOF + python3 -m venv .venv + source .venv/bin/activate + python3 -m pip install setuptools_scm + NEW_VERSION=$(python3 -m setuptools_scm -c setuptools.cfg) + NEW_VERSION="${NEW_VERSION//dev/post}" + echo "New version is: $NEW_VERSION" + echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV + + - name: Build Python distributions + # FYI: Checks in this script only work because the -e flag is enabled by default in GitHub actions + run: | + python3 -m pip install build + + echo "Setting new version in setup.cfg": + # make sure setup.cfg is not dirty yet + git diff --exit-code setup.cfg + sed -i -E 's/^(version\s*=\s*)("?)[^"]+("?)/\1\2'"$NEW_VERSION"'\3/' setup.cfg + # make sure setup.cfg is dirty now + ! git diff --exit-code setup.cfg + + echo "Building new version and tagging commit..." + python3 -m build + + - name: Tag successful build + run: | + git tag -a $NEW_VERSION -m $NEW_VERSION + + - name: Clean up + run: | + git reset --hard + git clean -df + + - name: Store built distributions + uses: actions/upload-artifact@v4 + with: + name: moto-ext-dists + path: dist/*.* + + # publish the package before pushing the tag (this might fail if the version already exists on PyPI) + - name: Publish package distributions to PyPI + if: ${{ github.event.inputs.dry_run != 'true' }} + uses: pypa/gh-action-pypi-publish@release/v1 + + - name: Push + if: ${{ github.event.inputs.dry_run != 'true' }} + run: | + git push --force-with-lease + git push --atomic origin localstack $NEW_VERSION + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Add a retry to avoid issues where the GH CLI fails + # because it does not yet detect the pushed tag. 
+ - name: Create Release + uses: nick-fields/retry@v3 + if: ${{ github.event.inputs.dry_run != 'true' }} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + max_attempts: 5 + retry_wait_seconds: 120 + timeout_minutes: 5 + command: gh release create $NEW_VERSION --repo localstack/moto --notes "automatic rebase sync and release" \ No newline at end of file From d8943fd63975447ea43a30767dc8e487fd955b2e Mon Sep 17 00:00:00 2001 From: Silvio Vasiljevic Date: Tue, 16 Dec 2025 10:31:32 +0100 Subject: [PATCH 5/9] Force rebase on sync (#81) --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6771dad334dd..730491a89fd7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,7 +45,7 @@ jobs: python-version: '3.13' - name: Configure Git - run: | + run: | # Configure git git config --global user.name 'LocalStack Bot' git config --global user.email 'localstack-bot@users.noreply.github.com' @@ -120,7 +120,7 @@ jobs: - name: Rebase localstack branch with latest master from upstream run: | git fetch upstream - git rebase upstream/master + git rebase -f upstream/master - name: Determine new version run: | From dfd2db0a7fa89e9de02e4d53e0a92e74a5f8077a Mon Sep 17 00:00:00 2001 From: Viren Nadkarni Date: Tue, 27 Jan 2026 14:49:47 +0530 Subject: [PATCH 6/9] Remove aws-sam-translator pin for Python<3.14 (#80) --- setup.cfg | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/setup.cfg b/setup.cfg index 130068c2fdd2..53a2259982da 100644 --- a/setup.cfg +++ b/setup.cfg @@ -46,7 +46,8 @@ moto = py.typed [options.extras_require] all = antlr4-python3-runtime - aws-sam-translator<=1.103.0 + aws-sam-translator<=1.103.0; python_version >= "3.14" + aws-sam-translator>=1.105.0; python_version < "3.14" joserfc>=0.9.0 jsonpath_ng docker>=3.0.0 
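Review bot: The `Configure Git` step writes `secrets.PRO_ACCESS_TOKEN` into the `origin` URL, so the token stays in `.git/config` for every later step, including `pip install`, `python3 -m build` on the freshly rebased upstream code, and the third-party publish and retry actions; this also undoes the `persist-credentials: false` set on checkout. Set the authenticated URL only inside the `Push` step, pass the secret through `env` instead of interpolating it into the script, and restore the plain URL when the step exits (this assumes the earlier `git pull` works unauthenticated, which the hunk does not show). The job also holds `contents: write` and `id-token: write` while `pypa/gh-action-pypi-publish@release/v1` and `nick-fields/retry@v3` are referenced by mutable refs; pinning them to full commit SHAs would be safer. `$NEW_VERSION` in `git tag` and `git push` should be quoted.

```yaml
# … unchanged: Configure Git, minus the `git remote set-url origin https://git:…@github.com/…` line …
- name: Push
  if: ${{ github.event.inputs.dry_run != 'true' }}
  env:
    PUSH_TOKEN: ${{ secrets.PRO_ACCESS_TOKEN }}
  run: |
    # drop the credential from .git/config again, even if a push fails
    trap 'git remote set-url origin "https://github.com/${GITHUB_REPOSITORY}"' EXIT
    git remote set-url origin "https://git:${PUSH_TOKEN}@github.com/${GITHUB_REPOSITORY}"
    git push --force-with-lease
    git push --atomic origin localstack "$NEW_VERSION"
# … unchanged: Create Release …
```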
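Review bot: `git rebase -f upstream/master` carries no comment saying why the force flag is needed. `-f` makes git replay the fork's commits even when the branch already sits on `upstream/master`, so the commit hashes change on every run and the workflow's later `git push --force-with-lease` rewrites `localstack` each time. If that is intended, record it in the step, e.g. `# -f: always replay the fork's commits, even when upstream has not moved`.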
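Review bot: The split `aws-sam-translator` requirement has no explanation of why Python 3.14 keeps `<=1.103.0` while older interpreters get `>=1.105.0`, which skips 1.104.x and leaves the second range without an upper bound; a short comment in setup.cfg would record the reason. The same two lines are repeated in the `proxy` and `server` extras in the two following hunks. The sync workflow's custom merge driver for `setup.cfg` appears to keep only lines containing `name` or `url` from the replayed fork commit, so these dependency lines may be dropped without an error whenever that driver runs during a rebase; worth confirming on the next sync.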
@@ -63,7 +64,8 @@ all = multipart proxy = antlr4-python3-runtime - aws-sam-translator<=1.103.0 + aws-sam-translator<=1.103.0; python_version >= "3.14" + aws-sam-translator>=1.105.0; python_version < "3.14" joserfc>=0.9.0 jsonpath_ng docker>=2.5.1 @@ -79,7 +81,8 @@ proxy = multipart server = antlr4-python3-runtime - aws-sam-translator<=1.103.0 + aws-sam-translator<=1.103.0; python_version >= "3.14" + aws-sam-translator>=1.105.0; python_version < "3.14" joserfc>=0.9.0 jsonpath_ng docker>=3.0.0 From 4d130b03c4bdc6a861e573e17b7e1439927565f4 Mon Sep 17 00:00:00 2001 From: Viren Nadkarni Date: Thu, 29 Jan 2026 16:36:44 +0530 Subject: [PATCH 7/9] Update project URLs --- setup.cfg | 4 ---- 1 file changed, 4 deletions(-) diff --git a/setup.cfg b/setup.cfg index 53a2259982da..9cb919c6fce6 100644 --- a/setup.cfg +++ b/setup.cfg @@ -19,10 +19,6 @@ classifiers = Programming Language :: Python :: 3.14 Topic :: Software Development :: Testing keywords = aws ec2 s3 boto3 mock -project_urls = - Documentation = http://docs.getmoto.org/en/latest/ - Issue tracker = https://github.com/getmoto/moto/issues - Changelog = https://github.com/getmoto/moto/blob/master/CHANGELOG.md [options] python_requires = >=3.9 From 265ad84b03f0f87743415424f9e85d1b009cb4e8 Mon Sep 17 00:00:00 2001 From: Viren Nadkarni Date: Fri, 30 Jan 2026 14:51:19 +0530 Subject: [PATCH 8/9] Enable static data update actions (#85) --- .github/workflows/data-update_config-managed-rules.yml | 2 +- .github/workflows/data-update_ec2-instance-offerings.yml | 4 ++-- .github/workflows/data-update_ec2-instance-types.yml | 4 ++-- .github/workflows/data-update_emr_instance_types.yml | 4 ++-- .github/workflows/data-update_iam-managed-policies.yml | 4 ++-- .github/workflows/data-update_ssm-default-amis.yml | 4 ++-- .github/workflows/data-update_ssm-default-parameters.yml | 4 ++-- .github/workflows/data-update_ssm-optimized-amis.yml | 4 ++-- 8 files changed, 15 insertions(+), 15 deletions(-) 
diff --git a/.github/workflows/data-update_config-managed-rules.yml b/.github/workflows/data-update_config-managed-rules.yml index 9d6d115d56fe..55338d18d507 100644 --- a/.github/workflows/data-update_config-managed-rules.yml +++ b/.github/workflows/data-update_config-managed-rules.yml @@ -16,7 +16,7 @@ jobs: update: name: Update Config Managed Rules runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write diff --git a/.github/workflows/data-update_ec2-instance-offerings.yml b/.github/workflows/data-update_ec2-instance-offerings.yml index c3922c3ff00f..db11141a95ff 100644 --- a/.github/workflows/data-update_ec2-instance-offerings.yml +++ b/.github/workflows/data-update_ec2-instance-offerings.yml @@ -16,7 +16,7 @@ jobs: update: name: Update EC2 Instance Offerings runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull EC2 instance types from AWS run: | diff --git a/.github/workflows/data-update_ec2-instance-types.yml b/.github/workflows/data-update_ec2-instance-types.yml index 27a47f7f179f..b519b615cd9f 100644 --- a/.github/workflows/data-update_ec2-instance-types.yml +++ b/.github/workflows/data-update_ec2-instance-types.yml 
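Review bot: Only the `if:` line changes in `data-update_config-managed-rules.yml`, yet the job keeps `id-token: write` in the `permissions` block visible just below it, while every other data-update workflow in this commit also swaps its `role-to-assume`. The rest of the file is outside the hunk, so one of two things is likely. Either the job never requests an OIDC token, in which case `id-token: write` can be removed so the newly enabled job runs with only the permissions it uses, or it still names the previous role and needs the same ARN change as the other files.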
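Review bot: The new `role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role` in `data-update_ec2-instance-offerings.yml` is protected on the workflow side only by the job-level `if:` changed in the hunk above it, and that expression can be edited by anyone who can change the workflow. The binding restriction therefore has to live in the role's trust policy, which is not visible here: confirm its `token.actions.githubusercontent.com:sub` condition is limited to `repo:localstack/moto:ref:refs/heads/localstack` and its `aud` to `sts.amazonaws.com`. The same ARN is pasted into the ec2-instance-types, emr_instance_types, iam-managed-policies, ssm-default-amis, ssm-default-parameters and ssm-optimized-amis workflows in this commit. Reading it from a repository variable, e.g. `role-to-assume: ${{ vars.DATA_UPDATE_ROLE_ARN }}` (variable name constructed for illustration), would keep the seven copies from drifting apart.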
@@ -16,7 +16,7 @@ jobs: update: name: Update EC2 Instance Types runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull EC2 instance types from AWS run: | diff --git a/.github/workflows/data-update_emr_instance_types.yml b/.github/workflows/data-update_emr_instance_types.yml index 099f39cf727b..f48ddab06ab6 100644 --- a/.github/workflows/data-update_emr_instance_types.yml +++ b/.github/workflows/data-update_emr_instance_types.yml @@ -16,7 +16,7 @@ jobs: update: name: Update EMR Instance Types runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull EMR instance types from AWS run: | diff --git a/.github/workflows/data-update_iam-managed-policies.yml b/.github/workflows/data-update_iam-managed-policies.yml index 10d2dab62850..3f699d69d41f 100644 --- a/.github/workflows/data-update_iam-managed-policies.yml +++ b/.github/workflows/data-update_iam-managed-policies.yml 
@@ -16,7 +16,7 @@ jobs: update: name: Update IAM Managed Policies runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull IAM managed policies from AWS run: | diff --git a/.github/workflows/data-update_ssm-default-amis.yml b/.github/workflows/data-update_ssm-default-amis.yml index 5e10c4f99f20..a34cd19077ef 100644 --- a/.github/workflows/data-update_ssm-default-amis.yml +++ b/.github/workflows/data-update_ssm-default-amis.yml @@ -16,7 +16,7 @@ jobs: update: name: Update SSM default AMIs runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull SSM default AMIs from AWS run: | diff --git a/.github/workflows/data-update_ssm-default-parameters.yml b/.github/workflows/data-update_ssm-default-parameters.yml index ca8a375662e2..c68f886c5068 100644 --- a/.github/workflows/data-update_ssm-default-parameters.yml +++ b/.github/workflows/data-update_ssm-default-parameters.yml 
@@ -16,7 +16,7 @@ jobs: update: name: Update SSM default parameters runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull SSM default Parameters from AWS run: | diff --git a/.github/workflows/data-update_ssm-optimized-amis.yml b/.github/workflows/data-update_ssm-optimized-amis.yml index e04fc12412ee..c759b49c026a 100644 --- a/.github/workflows/data-update_ssm-optimized-amis.yml +++ b/.github/workflows/data-update_ssm-optimized-amis.yml @@ -16,7 +16,7 @@ jobs: update: name: Update SSM Optimized AMIs runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull SSM Optimized AMIs from AWS run: | From af18e493a5ac4f1b8c433ec494cec27a2ef80986 Mon Sep 17 00:00:00 2001 From: viren-nadkarni <5170829+viren-nadkarni@users.noreply.github.com> Date: Sun, 1 Feb 2026 06:27:11 +0000 Subject: [PATCH 9/9] chore: update Config Managed Rules --- moto/config/resources/aws_managed_rules.json | 401 ++++++++++--------- 1 file changed, 216 insertions(+), 185 deletions(-) diff --git a/moto/config/resources/aws_managed_rules.json b/moto/config/resources/aws_managed_rules.json index 239a92efda73..709719926288 100644 
--- a/moto/config/resources/aws_managed_rules.json +++ b/moto/config/resources/aws_managed_rules.json @@ -1,7 +1,7 @@ { "ManagedRules": { "ACCESS_KEYS_ROTATED": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Default": "90", @@ -14,7 +14,7 @@ "Trigger type": "Periodic" }, "ACCOUNT_PART_OF_ORGANIZATIONS": { - "AWS Region": "All supported AWS regions except China (Beijing), AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing) Region", "Parameters": [ { "Name": "MasterAccountId", @@ -37,7 +37,7 @@ "Trigger type": "Configuration changes" }, "ACM_CERTIFICATE_EXPIRATION_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Default": "14", @@ -98,7 +98,7 @@ "Trigger type": "Configuration changes" }, "ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Trigger type": "Periodic" 
@@ -134,7 +134,7 @@ "Trigger type": "Configuration changes" }, "ALB_WAF_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "wafWebAclIds", @@ -242,7 +242,7 @@ "Trigger type": "Configuration changes" }, "API_GW_ASSOCIATED_WITH_WAF": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "WebAclArns", 
@@ -254,25 +254,25 @@ "Trigger type": "Configuration changes" }, "API_GW_CACHE_ENABLED_AND_ENCRYPTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::ApiGateway::Stage", "Trigger type": "Configuration changes" }, "API_GW_ENDPOINT_TYPE_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "endpointConfigurationTypes", "Optional": false, - "Type": "String" + "Type": "CSV" } ], "Resource Types": "AWS::ApiGateway::RestApi", "Trigger type": "Configuration changes" }, "API_GW_EXECUTION_LOGGING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [ { "Default": "ERROR,INFO", @@ -297,7 +297,7 @@ "Trigger type": "Configuration changes" }, "API_GW_SSL_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "CertificateIDs", @@ -628,7 +628,7 @@ "Trigger type": "Configuration changes" }, "APPROVED_AMIS_BY_ID": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "amiIds", 
@@ -640,7 +640,7 @@ "Trigger type": "Configuration changes" }, "APPROVED_AMIS_BY_TAG": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Default": "tag-key:tag-value,other-tag-key", @@ -908,7 +908,7 @@ "Trigger type": "Periodic" }, "AURORA_MYSQL_BACKTRACKING_ENABLED": { - "AWS Region": "All supported AWS regions except Europe (Stockholm), Middle East (Bahrain), China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), AWS Secret - West, South America (Sao Paulo), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain) Region", + "AWS Region": "Only available in Asia Pacific (Mumbai), Europe (Paris), US East (Ohio), Europe (Ireland), Europe (Frankfurt), US East (N. Virginia), Asia Pacific (Seoul), Asia Pacific (Osaka), Europe (London), Asia Pacific (Tokyo), US West (Oregon), US West (N. California), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central) Region", "Parameters": [ { "Name": "BacktrackWindowInHours", @@ -1021,7 +1021,7 @@ "Trigger type": "Configuration changes" }, "AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::AutoScaling::LaunchConfiguration", "Trigger type": "Configuration changes" 
@@ -1203,7 +1203,7 @@ "Trigger type": "Configuration changes" }, "BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Thailand), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia), Europe (Zurich) Region", "Parameters": [], "Resource Types": "AWS::ElasticBeanstalk::Environment", "Trigger type": "Configuration changes" @@ -1245,7 +1245,7 @@ "Trigger type": "Configuration changes" }, "CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "cloudformationRoleArn", 
@@ -1257,20 +1257,20 @@ "Trigger type": "Configuration changes and Periodic" }, "CLOUDFORMATION_STACK_NOTIFICATION_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [ { - "Name": "snsTopic1", + "Name": "snsTopic2", "Optional": true, "Type": "String" }, { - "Name": "snsTopic2", + "Name": "snsTopic1", "Optional": true, "Type": "String" }, { - "Name": "snsTopic3", + "Name": "snsTopic5", "Optional": true, "Type": "String" }, @@ -1280,7 +1280,7 @@ "Type": "String" }, { - "Name": "snsTopic5", + "Name": "snsTopic3", "Optional": true, "Type": "String" } 
@@ -1288,6 +1288,12 @@ "Resource Types": "AWS::CloudFormation::Stack", "Trigger type": "Configuration changes" }, + "CLOUDFORMATION_STACK_SERVICE_ROLE_CHECK": { + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "Parameters": [], + "Resource Types": "AWS::CloudFormation::Stack", + "Trigger type": "Configuration changes" + }, "CLOUDFORMATION_TERMINATION_PROTECTION_CHECK": { "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [], @@ -1330,6 +1336,12 @@ "Resource Types": "AWS::CloudFront::Distribution", "Trigger type": "Configuration changes" }, + "CLOUDFRONT_DISTRIBUTION_KEY_GROUP_ENABLED": { + "AWS Region": "Only available in US East (N. Virginia) Region", + "Parameters": [], + "Resource Types": "AWS::CloudFront::Distribution", + "Trigger type": "Configuration changes" + }, "CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS": { "AWS Region": "Only available in US East (N. Virginia) Region", "Parameters": [], @@ -1427,7 +1439,7 @@ "Trigger type": "Periodic" }, "CLOUDTRAIL_S3_DATAEVENTS_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "S3BucketNames", @@ -1446,8 +1458,8 @@ "AWS Region": "All supported AWS regions", "Parameters": [ { - "Default": "true", - "Name": "alarmActionRequired", + "Default": "false", + "Name": "okActionRequired", "Optional": false, "Type": "String" }, 
@@ -1458,8 +1470,8 @@ "Type": "String" }, { - "Default": "false", - "Name": "okActionRequired", + "Default": "true", + "Name": "alarmActionRequired", "Optional": false, "Type": "String" }, @@ -1499,7 +1511,7 @@ "Trigger type": "Configuration changes" }, "CLOUDWATCH_ALARM_RESOURCE_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "resourceType", @@ -1516,7 +1528,7 @@ "Trigger type": "Periodic" }, "CLOUDWATCH_ALARM_SETTINGS_CHECK": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "metricName", @@ -1524,37 +1536,37 @@ "Type": "String" }, { - "Name": "threshold", + "Default": "300", + "Name": "period", "Optional": true, "Type": "int" }, { - "Name": "evaluationPeriods", + "Name": "statistic", "Optional": true, - "Type": "int" + "Type": "String" }, { - "Default": "300", - "Name": "period", + "Name": "comparisonOperator", "Optional": true, - "Type": "int" + "Type": "String" }, { - "Name": "comparisonOperator", + "Name": "threshold", "Optional": true, - "Type": "String" + "Type": "int" }, { - "Name": "statistic", + "Name": "evaluationPeriods", "Optional": true, - "Type": "String" + "Type": "int" } ], "Resource Types": "AWS::CloudWatch::Alarm", "Trigger type": "Configuration changes" }, "CLOUDWATCH_LOG_GROUP_ENCRYPTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "KmsKeyId", @@ -1578,7 +1590,7 @@ "Trigger type": "Configuration changes" }, "CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "expectedDeliveryWindowAge", 
@@ -1611,7 +1623,7 @@ "Trigger type": "Periodic" }, "CLOUD_TRAIL_ENCRYPTION_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::CloudTrail::Trail", "Trigger type": "Periodic" @@ -1682,7 +1694,7 @@ "Trigger type": "Configuration changes" }, "CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::CodeBuild::Project", "Trigger type": "Configuration changes" @@ -1773,7 +1785,7 @@ "Trigger type": "Configuration changes" }, "CODEPIPELINE_DEPLOYMENT_COUNT_CHECK": { - "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Africa (Cape Town), AWS Secret - West, Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [ { "Name": "deploymentLimit", 
@@ -1785,7 +1797,7 @@ "Trigger type": "Configuration changes" }, "CODEPIPELINE_REGION_FANOUT_CHECK": { - "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Africa (Cape Town), AWS Secret - West, Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [ { "Default": "3", 
@@ -2008,34 +2020,34 @@ "Trigger type": "Periodic" }, "DB_INSTANCE_BACKUP_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { - "Name": "backupRetentionPeriod", + "Name": "backupRetentionMinimum", "Optional": true, "Type": "int" }, { - "Name": "backupRetentionMinimum", + "Name": "backupRetentionPeriod", "Optional": true, "Type": "int" }, { - "Name": "preferredBackupWindow", + "Name": "checkReadReplicas", "Optional": true, - "Type": "String" + "Type": "boolean" }, { - "Name": "checkReadReplicas", + "Name": "preferredBackupWindow", "Optional": true, - "Type": "boolean" + "Type": "String" } ], "Resource Types": "AWS::RDS::DBInstance", "Trigger type": "Configuration changes" }, "DESIRED_INSTANCE_TENANCY": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "tenancy", @@ -2057,7 +2069,7 @@ "Trigger type": "Configuration changes" }, "DESIRED_INSTANCE_TYPE": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "instanceType", @@ -2117,7 +2129,7 @@ "Trigger type": "Configuration changes" }, "DMS_REPLICATION_NOT_PUBLIC": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::DMS::ReplicationInstance", "Trigger type": "Periodic" @@ -2238,7 +2250,7 @@ "Trigger type": "Periodic" }, "DYNAMODB_IN_BACKUP_PLAN": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::DynamoDB::Table", "Trigger type": "Periodic" 
@@ -2349,7 +2361,7 @@ "Trigger type": "Configuration changes" }, "DYNAMODB_TABLE_ENCRYPTED_KMS": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "kmsKeyArns", @@ -2385,7 +2397,7 @@ "Trigger type": "Periodic" }, "EBS_IN_BACKUP_PLAN": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EC2::Volume", "Trigger type": "Periodic" @@ -2442,7 +2454,7 @@ "Trigger type": "Periodic" }, "EBS_OPTIMIZED_INSTANCE": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::EC2::Instance", "Trigger type": "Configuration changes" @@ -2525,7 +2537,7 @@ "Trigger type": "Configuration changes" }, "EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Europe (Spain) Region", + "AWS Region": "All supported AWS regions except Europe (Spain) Region", "Parameters": [], "Trigger type": "Periodic" }, 
@@ -2613,13 +2625,13 @@ "Trigger type": "Configuration changes" }, "EC2_IMDSV2_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EC2::Instance", "Trigger type": "Configuration changes" }, "EC2_INSTANCE_DETAILED_MONITORING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::EC2::Instance", "Trigger type": "Configuration changes" @@ -2637,13 +2649,13 @@ "Trigger type": "Configuration changes and Periodic" }, "EC2_INSTANCE_MANAGED_BY_SSM": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [], "Resource Types": "AWS::EC2::Instance, AWS::SSM::ManagedInstanceInventory", "Trigger type": "Configuration changes" }, "EC2_INSTANCE_MULTIPLE_ENI_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "NetworkInterfaceIds", 
@@ -2655,13 +2667,13 @@ "Trigger type": "Configuration changes" }, "EC2_INSTANCE_NO_PUBLIC_IP": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::EC2::Instance", "Trigger type": "Configuration changes" }, "EC2_INSTANCE_PROFILE_ATTACHED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region", "Parameters": [ { "Name": "IamInstanceProfileArnList", @@ -2738,7 +2750,7 @@ "Trigger type": "Configuration changes" }, "EC2_MANAGEDINSTANCE_APPLICATIONS_BLACKLISTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "applicationNames", @@ -2755,7 +2767,7 @@ "Trigger type": "Configuration changes" }, "EC2_MANAGEDINSTANCE_APPLICATIONS_REQUIRED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "applicationNames", 
@@ -2772,13 +2784,13 @@ "Trigger type": "Configuration changes" }, "EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), Africa (Cape Town), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Europe (Milan), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Osaka), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::SSM::AssociationCompliance", "Trigger type": "Configuration changes" }, "EC2_MANAGEDINSTANCE_INVENTORY_BLACKLISTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "inventoryNames", @@ -2795,13 +2807,13 @@ "Trigger type": "Configuration changes" }, "EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Osaka), Europe (Milan), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Europe (Milan), Asia Pacific (Taipei) Region", "Parameters": [], "Resource Types": "AWS::SSM::PatchCompliance", "Trigger type": "Configuration changes" }, "EC2_MANAGEDINSTANCE_PLATFORM_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "platformType", 
@@ -2993,7 +3005,7 @@ "Trigger type": "Periodic" }, "EC2_SECURITY_GROUP_ATTACHED_TO_ENI": { - "AWS Region": "All supported AWS regions except Middle East (UAE), AWS Secret - West, Canada West (Calgary) Region", + "AWS Region": "All supported AWS regions except Middle East (UAE), Canada West (Calgary) Region", "Parameters": [], "Resource Types": "AWS::EC2::SecurityGroup", "Trigger type": "Configuration changes" @@ -3011,7 +3023,7 @@ "Trigger type": "Configuration changes" }, "EC2_STOPPED_INSTANCE": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Default": "30", @@ -3108,7 +3120,7 @@ "Trigger type": "Configuration changes" }, "EC2_VOLUME_INUSE_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region", "Parameters": [ { "Name": "deleteOnTermination", @@ -3197,6 +3209,12 @@ "Resource Types": "AWS::ECS::CapacityProvider", "Trigger type": "Configuration changes" }, + "ECS_CAPACITY_PROVIDER_TERMINATION_CHECK": { + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei) Region", + "Parameters": [], + "Resource Types": "AWS::ECS::CapacityProvider", + "Trigger type": "Configuration changes" + }, "ECS_CONTAINERS_NONPRIVILEGED": { "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", "Parameters": [], 
@@ -3250,6 +3268,12 @@ "Resource Types": "AWS::ECS::TaskDefinition", "Trigger type": "Configuration changes" }, + "ECS_TASK_DEFINITION_LINUX_USER_NON_ROOT": { + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Mexico (Central), Asia Pacific (Taipei) Region", + "Parameters": [], + "Resource Types": "AWS::ECS::TaskDefinition", + "Trigger type": "Configuration changes" + }, "ECS_TASK_DEFINITION_LOG_CONFIGURATION": { "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", "Parameters": [], @@ -3292,6 +3316,12 @@ "Resource Types": "AWS::ECS::TaskDefinition", "Trigger type": "Configuration changes" }, + "ECS_TASK_DEFINITION_WINDOWS_USER_NON_ADMIN": { + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Mexico (Central), Asia Pacific (Taipei) Region", + "Parameters": [], + "Resource Types": "AWS::ECS::TaskDefinition", + "Trigger type": "Configuration changes" + }, "EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY": { "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [ @@ -3328,7 +3358,7 @@ "Trigger type": "Configuration changes" }, "EFS_ENCRYPTED_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "KmsKeyId", @@ -3364,7 +3394,7 @@ "Trigger type": "Configuration changes" }, "EFS_IN_BACKUP_PLAN": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EFS::FileSystem", "Trigger type": "Periodic" 
@@ -3498,7 +3528,7 @@ "Trigger type": "Periodic" }, "EIP_ATTACHED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EC2::EIP", "Trigger type": "Configuration changes" @@ -3570,7 +3600,7 @@ "Trigger type": "Configuration changes" }, "EKS_ENDPOINT_NO_PUBLIC_ACCESS": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EKS::Cluster", "Trigger type": "Periodic" @@ -3588,7 +3618,7 @@ "Trigger type": "Configuration changes" }, "EKS_SECRETS_ENCRYPTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "kmsKeyArns", @@ -3726,7 +3756,7 @@ "Trigger type": "Periodic" }, "ELASTICSEARCH_LOGS_TO_CLOUDWATCH": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "logTypes", @@ -3761,7 +3791,7 @@ "Trigger type": "Configuration changes" }, "ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Zurich) Region", "Parameters": [ { "Name": "UpdateLevel", 
@@ -3773,7 +3803,7 @@ "Trigger type": "Configuration changes" }, "ELBV2_ACM_CERTIFICATE_REQUIRED": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "AcmCertificatesAllowed", @@ -3815,7 +3845,7 @@ "Trigger type": "Configuration changes" }, "ELB_ACM_CERTIFICATE_REQUIRED": { - "AWS Region": "All supported AWS regions except Africa (Cape Town), AWS Secret - West, Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Africa (Cape Town), Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [], "Resource Types": "AWS::ElasticLoadBalancing::LoadBalancer", "Trigger type": "Configuration changes" @@ -3827,12 +3857,12 @@ "Trigger type": "Configuration changes" }, "ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "sslProtocolsAndCiphers", "Optional": false, - "Type": "String" + "Type": "CSV" } ], "Resource Types": "AWS::ElasticLoadBalancing::LoadBalancer", 
@@ -3851,7 +3881,7 @@ "Trigger type": "Configuration changes" }, "ELB_LOGGING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "s3BucketNames", @@ -3863,7 +3893,7 @@ "Trigger type": "Configuration changes" }, "ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "predefinedPolicyName", @@ -3899,7 +3929,7 @@ "Trigger type": "Periodic" }, "EMR_KERBEROS_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "TicketLifetimeInHours", @@ -3931,7 +3961,7 @@ "Trigger type": "Periodic" }, "EMR_MASTER_NO_PUBLIC_IP": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EMR::Cluster, AWS::EC2::Instance", "Trigger type": "Periodic" @@ -3949,7 +3979,7 @@ "Trigger type": "Configuration changes" }, "ENCRYPTED_VOLUMES": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "kmsId", 
@@ -4045,7 +4075,7 @@ "Trigger type": "Configuration changes" }, "FMS_SHIELD_RESOURCE_POLICY_CHECK": { - "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [ { "Name": "webACLId", @@ -4082,7 +4112,7 @@ "Trigger type": "Configuration changes" }, "FMS_WEBACL_RESOURCE_POLICY_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", "Parameters": [ { "Name": "webACLId", @@ -4114,7 +4144,7 @@ "Trigger type": "Configuration changes" }, "FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", "Parameters": [ { "Name": "ruleGroups", 
@@ -4421,7 +4451,7 @@ "Trigger type": "Periodic" }, "GUARDDUTY_ENABLED_CENTRALIZED": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Mexico (Central), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Mexico (Central), Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "CentralMonitoringAccount", @@ -4444,7 +4474,7 @@ "Trigger type": "Periodic" }, "GUARDDUTY_NON_ARCHIVED_FINDINGS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Mexico (Central), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Mexico (Central), Asia Pacific (Taipei) Region", "Parameters": [ { "Default": "30", @@ -4486,7 +4516,7 @@ "Trigger type": "Periodic" }, "IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "blockedActionsPatterns", 
@@ -4509,13 +4539,13 @@ "Trigger type": "Periodic" }, "IAM_GROUP_HAS_USERS_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [], "Resource Types": "AWS::IAM::Group", "Trigger type": "Configuration changes" }, "IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "blockedActionsPatterns", 
@@ -4532,9 +4562,9 @@ "Trigger type": "Configuration changes" }, "IAM_NO_INLINE_POLICY_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), US West (N. California), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [], - "Resource Types": "AWS::IAM::User, AWS::IAM::Role, AWS::IAM::Group", + "Resource Types": "AWS::IAM::Group, AWS::IAM::Role, AWS::IAM::User", "Trigger type": "Configuration changes" }, "IAM_OIDC_PROVIDER_TAGGED": { @@ -4550,7 +4580,7 @@ "Trigger type": "Configuration changes" }, "IAM_PASSWORD_POLICY": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Default": "true", 
@@ -4598,7 +4628,7 @@ "Trigger type": "Periodic" }, "IAM_POLICY_BLACKLISTED_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Default": "arn:aws:iam::aws:policy/AdministratorAccess", @@ -4616,7 +4646,7 @@ "Trigger type": "Configuration changes" }, "IAM_POLICY_IN_USE": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "policyARN", 
@@ -4633,7 +4663,7 @@ "Trigger type": "Periodic" }, "IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "excludePermissionBoundaryPolicy", @@ -4645,7 +4675,7 @@ "Trigger type": "Configuration changes" }, "IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "excludePermissionBoundaryPolicy", 
@@ -4657,7 +4687,7 @@ "Trigger type": "Configuration changes" }, "IAM_ROLE_MANAGED_POLICY_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [ { "Name": "managedPolicyArns", @@ -4669,7 +4699,7 @@ "Trigger type": "Configuration changes" }, "IAM_ROOT_ACCESS_KEY_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Malaysia), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [], "Trigger type": "Periodic" }, 
@@ -4704,19 +4734,19 @@ "Trigger type": "Configuration changes" }, "IAM_USER_GROUP_MEMBERSHIP_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [ { "Name": "groupNames", "Optional": true, - "Type": "String" + "Type": "CSV" } ], "Resource Types": "AWS::IAM::User", "Trigger type": "Configuration changes" }, "IAM_USER_MFA_ENABLED": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [], "Resource Types": "AWS::IAM::User", "Trigger type": "Periodic" 
@@ -4728,7 +4758,7 @@ "Trigger type": "Configuration changes" }, "IAM_USER_UNUSED_CREDENTIALS_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Default": "90", @@ -4741,7 +4771,7 @@ "Trigger type": "Periodic" }, "INCOMING_SSH_DISABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EC2::SecurityGroup", "Trigger type": "Configuration changes and Periodic" @@ -4771,7 +4801,7 @@ "Trigger type": "Periodic" }, "INSTANCES_IN_VPC": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "vpcId", @@ -4783,12 +4813,12 @@ "Trigger type": "Configuration changes" }, "INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "AuthorizedVpcIds", "Optional": true, - "Type": "String" + "Type": "CSV" } ], "Resource Types": "AWS::EC2::InternetGateway", 
@@ -5137,7 +5167,7 @@ "Trigger type": "Configuration changes" }, "KMS_CMK_NOT_SCHEDULED_FOR_DELETION": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Europe (Milan), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Europe (Milan), Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "kmsKeyIds", @@ -5167,15 +5197,15 @@ "Trigger type": "Configuration changes" }, "LAMBDA_CONCURRENCY_CHECK": { - "AWS Region": "All supported AWS regions except China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { - "Name": "ConcurrencyLimitLow", + "Name": "ConcurrencyLimitHigh", "Optional": true, "Type": "String" }, { - "Name": "ConcurrencyLimitHigh", + "Name": "ConcurrencyLimitLow", "Optional": true, "Type": "String" } @@ -5184,12 +5214,12 @@ "Trigger type": "Configuration changes" }, "LAMBDA_DLQ_CHECK": { - "AWS Region": "All supported AWS regions except China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region", "Parameters": [ { "Name": "dlqArns", "Optional": true, - "Type": "String" + "Type": "CSV" } ], "Resource Types": "AWS::Lambda::Function", 
@@ -5202,13 +5232,13 @@ "Trigger type": "Configuration changes" }, "LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Europe (Spain), China (Ningxia) Region", + "AWS Region": "All supported AWS regions except Europe (Spain), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::Lambda::Function", "Trigger type": "Configuration changes" }, "LAMBDA_FUNCTION_SETTINGS_CHECK": { - "AWS Region": "All supported AWS regions except China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "runtime", @@ -5221,14 +5251,14 @@ "Type": "String" }, { - "Default": "3", - "Name": "timeout", + "Default": "128", + "Name": "memorySize", "Optional": true, "Type": "int" }, { - "Default": "128", - "Name": "memorySize", + "Default": "3", + "Name": "timeout", "Optional": true, "Type": "int" } @@ -5243,12 +5273,12 @@ "Trigger type": "Configuration changes" }, "LAMBDA_INSIDE_VPC": { - "AWS Region": "All supported AWS regions except China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "subnetIds", "Optional": true, - "Type": "String" + "Type": "CSV" } ], "Resource Types": "AWS::Lambda::Function", 
@@ -5333,7 +5363,7 @@ "Trigger type": "Periodic" }, "MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [], "Resource Types": "AWS::IAM::User", "Trigger type": "Periodic" @@ -5658,7 +5688,7 @@ "Trigger type": "Configuration changes" }, "NO_UNRESTRICTED_ROUTE_TO_IGW": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "routeTableIds", @@ -5826,7 +5856,7 @@ "Trigger type": "Configuration changes" }, "RDS_ENHANCED_MONITORING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "monitoringInterval", @@ -5862,7 +5892,7 @@ "Trigger type": "Configuration changes" }, "RDS_INSTANCE_DELETION_PROTECTION_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "databaseEngines", 
@@ -5874,7 +5904,7 @@ "Trigger type": "Configuration changes" }, "RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::RDS::DBInstance", "Trigger type": "Configuration changes" @@ -5892,7 +5922,7 @@ "Trigger type": "Periodic" }, "RDS_IN_BACKUP_PLAN": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::RDS::DBInstance", "Trigger type": "Periodic" @@ -5927,7 +5957,7 @@ "Trigger type": "Periodic" }, "RDS_LOGGING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "additionalLogs", 
@@ -6069,15 +6099,15 @@ "Trigger type": "Periodic" }, "RDS_SNAPSHOTS_PUBLIC_PROHIBITED": { - "AWS Region": "All supported AWS regions except Africa (Cape Town), AWS Secret - West, Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Africa (Cape Town), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [], - "Resource Types": "AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot", + "Resource Types": "AWS::RDS::DBClusterSnapshot, AWS::RDS::DBSnapshot", "Trigger type": "Configuration changes" }, "RDS_SNAPSHOT_ENCRYPTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], - "Resource Types": "AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot", + "Resource Types": "AWS::RDS::DBClusterSnapshot, AWS::RDS::DBSnapshot", "Trigger type": "Configuration changes" }, "RDS_SQLSERVER_ENCRYPTED_IN_TRANSIT": { @@ -6099,7 +6129,7 @@ "Trigger type": "Configuration changes" }, "RDS_STORAGE_ENCRYPTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "kmsKeyId", 
@@ -6123,7 +6153,7 @@ "Trigger type": "Configuration changes" }, "REDSHIFT_BACKUP_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Mexico (Central) Region", + "AWS Region": "All supported AWS regions except Mexico (Central) Region", "Parameters": [ { "Name": "MinRetentionPeriod", @@ -6140,17 +6170,17 @@ "Trigger type": "Configuration changes" }, "REDSHIFT_CLUSTER_CONFIGURATION_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Mexico (Central) Region", + "AWS Region": "All supported AWS regions except Mexico (Central) Region", "Parameters": [ { "Default": "true", - "Name": "clusterDbEncrypted", + "Name": "loggingEnabled", "Optional": false, "Type": "boolean" }, { "Default": "true", - "Name": "loggingEnabled", + "Name": "clusterDbEncrypted", "Optional": false, "Type": "boolean" }, @@ -6165,7 +6195,7 @@ "Trigger type": "Configuration changes" }, "REDSHIFT_CLUSTER_KMS_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Mexico (Central) Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "kmsKeyArns", @@ -6177,7 +6207,7 @@ "Trigger type": "Configuration changes" }, "REDSHIFT_CLUSTER_MAINTENANCESETTINGS_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Mexico (Central) Region", + "AWS Region": "All supported AWS regions except Mexico (Central) Region", "Parameters": [ { "Default": "true", @@ -6261,7 +6291,7 @@ "Trigger type": "Configuration changes" }, "REDSHIFT_REQUIRE_TLS_SSL": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Mexico (Central) Region", + "AWS Region": "All supported AWS regions except Mexico (Central) Region", "Parameters": [], "Resource Types": "AWS::Redshift::Cluster, AWS::Redshift::ClusterParameterGroup", "Trigger type": "Configuration changes" 
@@ -6395,7 +6425,7 @@ "Trigger type": "Configuration changes" }, "RESTRICTED_INCOMING_TRAFFIC": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Default": "20", @@ -6422,6 +6452,7 @@ "Type": "int" }, { + "Default": "4333", "Name": "blockedPort5", "Optional": true, "Type": "int" @@ -6436,12 +6467,12 @@ "Trigger type": "Configuration changes and Periodic" }, "ROOT_ACCOUNT_HARDWARE_MFA_ENABLED": { - "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [], "Trigger type": "Periodic" }, "ROOT_ACCOUNT_MFA_ENABLED": { - "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [], "Trigger type": "Periodic" }, 
@@ -6572,11 +6603,11 @@ "Trigger type": "Configuration changes" }, "S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [ { "Default": "True", - "Name": "IgnorePublicAcls", + "Name": "RestrictPublicBuckets", "Optional": true, "Type": "String" }, @@ -6594,7 +6625,7 @@ }, { "Default": "True", - "Name": "RestrictPublicBuckets", + "Name": "IgnorePublicAcls", "Optional": true, "Type": "String" } @@ -6636,7 +6667,7 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_BLACKLISTED_ACTIONS_PROHIBITED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "blacklistedActionPattern", @@ -6654,7 +6685,7 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_DEFAULT_LOCK_ENABLED": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "mode", @@ -6666,7 +6697,7 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "excludedPublicBuckets", 
@@ -6678,15 +6709,15 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_LOGGING_ENABLED": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { - "Name": "targetBucket", + "Name": "targetPrefix", "Optional": true, "Type": "String" }, { - "Name": "targetPrefix", + "Name": "targetBucket", "Optional": true, "Type": "String" } @@ -6733,7 +6764,7 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "controlPolicy", @@ -6745,13 +6776,13 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_PUBLIC_READ_PROHIBITED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::S3::Bucket", "Trigger type": "Configuration changes and Periodic" }, "S3_BUCKET_PUBLIC_WRITE_PROHIBITED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::S3::Bucket", "Trigger type": "Configuration changes and Periodic" @@ -6769,7 +6800,7 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::S3::Bucket", "Trigger type": "Configuration changes" 
@@ -6793,7 +6824,7 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_VERSIONING_ENABLED": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "isMfaDeleteEnabled", @@ -6813,7 +6844,7 @@ "Type": "CSV" } ], - "Resource Types": "AWS::S3::Bucket", + "Resource Types": "AWS::S3::Bucket, AWS::KMS::Key", "Trigger type": "Configuration changes" }, "S3_EVENT_NOTIFICATIONS_ENABLED": { @@ -7030,7 +7061,7 @@ "Trigger type": "Configuration changes" }, "SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "kmsKeyArns", @@ -7102,7 +7133,7 @@ "Trigger type": "Configuration changes" }, "SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "kmsKeyArns", 
@@ -7132,21 +7163,21 @@ "Trigger type": "Configuration changes" }, "SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei) Region", "Parameters": [], "Resource Types": "AWS::SageMaker::NotebookInstance", "Trigger type": "Periodic" }, "SECRETSMANAGER_ROTATION_ENABLED_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { - "Name": "maximumAllowedRotationFrequency", + "Name": "maximumAllowedRotationFrequencyInHours", "Optional": true, "Type": "int" }, { - "Name": "maximumAllowedRotationFrequencyInHours", + "Name": "maximumAllowedRotationFrequency", "Optional": true, "Type": "int" } @@ -7185,7 +7216,7 @@ "Trigger type": "Periodic" }, "SECRETSMANAGER_USING_CMK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "kmsKeyArns", @@ -7197,7 +7228,7 @@ "Trigger type": "Configuration changes" }, "SECURITYHUB_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Trigger type": "Periodic" }, @@ -7226,7 +7257,7 @@ "Trigger type": "Configuration changes" }, "SERVICE_VPC_ENDPOINT_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "serviceName", 
@@ -7260,7 +7291,7 @@ "Trigger type": "Periodic" }, "SNS_ENCRYPTED_KMS": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "kmsKeyIds", @@ -7314,7 +7345,7 @@ "Trigger type": "Periodic" }, "SSM_DOCUMENT_NOT_PUBLIC": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [], "Resource Types": "AWS::SSM::Document", "Trigger type": "Periodic" @@ -7461,7 +7492,7 @@ "Trigger type": "Periodic" }, "SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EC2::Subnet", "Trigger type": "Configuration changes" @@ -7657,7 +7688,7 @@ "Trigger type": "Periodic" }, "VPC_DEFAULT_SECURITY_GROUP_CLOSED": { - "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", + "AWS Region": "Only available in Middle East (Bahrain), US East (Ohio), Europe (Ireland), Europe (Frankfurt), US East (N. Virginia), US West (Oregon) Region", "Parameters": [], "Resource Types": "AWS::EC2::SecurityGroup", "Trigger type": "Configuration changes" @@ -7685,7 +7716,7 @@ "Trigger type": "Periodic" }, "VPC_FLOW_LOGS_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "trafficType", 
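Review bot: The VPC_DEFAULT_SECURITY_GROUP_CLOSED entry changes from an exclusion list to a six-region allow-list, `"AWS Region": "Only available in Middle East (Bahrain), US East (Ohio), Europe (Ireland), Europe (Frankfurt), US East (N. Virginia), US West (Oregon) Region"`. No other entry in these hunks is phrased that way, and it sharply narrows a security-group baseline rule. This looks more like a partial or transient upstream value than a real availability change, so confirm it against the current AWS Config documentation before merging. If any code uses this field to decide whether the rule can be created in a region (not visible in this hunk), compliance tests outside those six regions would start failing. Keeping the previous line until the value is verified is the safer choice.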
@@ -7697,7 +7728,7 @@ "Trigger type": "Periodic" }, "VPC_NETWORK_ACL_UNUSED_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::EC2::NetworkAcl", "Trigger type": "Configuration changes" @@ -7715,7 +7746,7 @@ "Trigger type": "Configuration changes" }, "VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "authorizedTcpPorts", @@ -7759,13 +7790,13 @@ "Trigger type": "Periodic" }, "VPC_VPN_2_TUNNELS_UP": { - "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), AWS Secret - West, Asia Pacific (Osaka), Israel (Tel Aviv), China (Ningxia) Region", + "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Osaka), Israel (Tel Aviv), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::EC2::VPNConnection", "Trigger type": "Configuration changes" }, "WAFV2_LOGGING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "KinesisFirehoseDeliveryStreamArns",