adding ID field (#871)
harkirat22 authored Jun 16, 2021
1 parent 325985d commit 7d20723
Showing 66 changed files with 67 additions and 1 deletion.
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure there is no open access to back-end resources through API",
"reference_id": "AWS.APGM.IS.LOW.0056",
"category": "Infrastructure Security",
"id": "AC_AWS_0439",
"version": 1
}
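Review bot: The new `"id": "AC_AWS_0439"` line puts a second identifier next to the existing `reference_id` without anything on the page saying which of the two is the stable key consumers should match on, or how the sequential `AC_AWS_NNNN` numbers are allocated; the same applies to every other section in this commit. Strict JSON leaves no room for an inline comment, so this belongs in the project's policy-authoring documentation (path not visible here) and in the PR description. The enclosing JSON object starts above the hunk.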
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure use of API Gateway endpoint policy, and no action wildcards are being used.",
"reference_id": "AWS.APGRAP.IAM.HIGH.0064",
"category": "Identity and Access Management",
"id": "AC_AWS_0440",
"version": 1
}
Expand Up @@ -8,5 +8,6 @@
"description": "Insecure Cross-Origin Resource Sharing Configuration allowing all domains",
"reference_id": "AWS.ApiGatewayV2Api.AccessControl.0630",
"category": "Security Best Practices",
"id": "AC_AWS_0441",
"version": 2
}
Expand Up @@ -8,5 +8,6 @@
"description": "AWS API Gateway V2 Stage is missing access logs",
"reference_id": "AWS.ApiGatewayV2Stage.Logging.0630",
"category": "Logging and Monitoring",
"id": "AC_AWS_0442",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure Athena Database is encrypted at rest",
"reference_id": "AWS.ADB.DP.MEDIUM.016",
"category": "Data Protection",
"id": "AC_AWS_0443",
"version": 2
}
Expand Up @@ -11,5 +11,6 @@
"description": "AWS CloudFormation Not In Use",
"reference_id": "AWS.CloudFormation.Medium.0599",
"category": "Security Best Practices",
"id": "AC_AWS_0444",
"version": 1
}
Expand Up @@ -11,5 +11,6 @@
"description": "AWS CloudFormation Stack Policy",
"reference_id": "AWS.CloudFormation.Medium.0604",
"category": "Security Best Practices",
"id": "AC_AWS_0445",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure CloudTrail has log file validation enabled.",
"reference_id": "AWS.CloudTrail.LM.MEDIUM.0087",
"category": "Logging and Monitoring",
"id": "AC_AWS_0446",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "ECR should have an image tag be immutable",
"reference_id": "AWS.CloudTrail.Logging.Low.009",
"category": "Security Best Practices",
"id": "AC_AWS_0447",
"version": 2
}
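Review bot: The `description` of this rule (`ECR should have an image tag be immutable`) does not match its `reference_id` `AWS.CloudTrail.Logging.Low.009`, which names CloudTrail, so one of the two fields looks copied from a neighbouring rule; the same mismatch appears in the next section, where `Ensure that EC2 is EBS optimized` carries `AWS.CloudTrail.Logging.Medium.008`. Worth confirming which field is authoritative before `AC_AWS_0447` and `AC_AWS_0449` freeze these rules under a permanent id, because the description is what an operator reads in scan output when deciding whether a finding matters. The enclosing JSON object starts above the hunk.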
Expand Up @@ -10,5 +10,6 @@
"description": "Cloud Trail Multi Region not enabled",
"reference_id": "AWS.CloudTrail.Logging.Medium.004",
"category": "Logging and Monitoring",
"id": "AC_AWS_0448",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure that EC2 is EBS optimized",
"reference_id": "AWS.CloudTrail.Logging.Medium.008",
"category": "Security Best Practices",
"id": "AC_AWS_0449",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure AWS Config is enabled in all regions",
"reference_id": "AWS.Config.Logging.Medium.0590",
"category": "Logging and Monitoring",
"id": "AC_AWS_0450",
"version": 2
}
Expand Up @@ -8,5 +8,6 @@
"description": "AWS CloudWatch log group is not encrypted with a KMS CMK",
"reference_id": "AWS.CloudWatch.EncryptionandKeyManagement.High.0632",
"category": "Data Protection",
"id": "AC_AWS_0451",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure AWS Cloudwatch log group has retention policy set.",
"reference_id": "AWS.ACLG.LM.MEDIUM.0068",
"category": "Logging and Monitoring",
"id": "AC_AWS_0452",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure DAX is encrypted at rest",
"reference_id": "AWS.ADC.DP.MEDIUM.0021",
"category": "Data Protection",
"id": "AC_AWS_0453",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure AWS RDS instances have logging enabled.",
"reference_id": "AWS.ADI.LM.MEDIUM.0076",
"category": "Logging and Monitoring",
"id": "AC_AWS_0454",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure DocDb is encrypted at rest",
"reference_id": "AWS.ADC.DP.MEDIUM.0022",
"category": "Data Protection",
"id": "AC_AWS_0455",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure DocDb clusters have log exports enabled.",
"reference_id": "AWS.ADC.LM.MEDIUM.0069",
"category": "Logging and Monitoring",
"id": "AC_AWS_0456",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure DynamoDb is encrypted at rest",
"reference_id": "AWS.ADT.DP.MEDIUM.0025",
"category": "Data Protection",
"id": "AC_AWS_0457",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure Point In Time Recovery is enabled for DynamoDB Tables",
"reference_id": "AWS.DynamoDb.Logging.Medium.007",
"category": "Resilience",
"id": "AC_AWS_0458",
"version": 2
}
Expand Up @@ -11,5 +11,6 @@
"description": "Enable AWS EBS Snapshot Encryption",
"reference_id": "AWS.EBS.EKM.Medium.0682",
"category": "Data Protection",
"id": "AC_AWS_0459",
"version": 1
}
Expand Up @@ -11,5 +11,6 @@
"description": "Ensure that AWS EBS clusters are encrypted. Data encryption at rest, prevents unauthorized users from accessing sensitive data on your AWS EBS clusters and associated cache storage systems.",
"reference_id": "AWS.EcsCluster.EncryptionandKeyManagement.High.0413",
"category": "Data Protection",
"id": "AC_AWS_0460",
"version": 2
}
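Review bot: The `description` speaks of `AWS EBS clusters` while the `reference_id` is `AWS.EcsCluster.EncryptionandKeyManagement.High.0413`; EBS volumes are not clustered, so this reads as a typo for ECS and will confuse whoever triages the finding. If the rule's check logic (not on the page) does target ECS, the line should read `"description": "Ensure that AWS ECS clusters are encrypted. Data encryption at rest, prevents unauthorized users from accessing sensitive data on your AWS ECS clusters and associated cache storage systems.",`; if it really targets EBS, the `reference_id` is the field that is wrong, and changing that one is a key change rather than a wording fix. The enclosing JSON object starts above the hunk.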
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure ECR repository is encrypted at rest",
"reference_id": "AWS.AER.DP.MEDIUM.0026",
"category": "Data Protection",
"id": "AC_AWS_0461",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure ECR repository has policy attached.",
"reference_id": "AWS.AER.DP.MEDIUM.0058",
"category": "Identity and Access Management",
"id": "AC_AWS_0462",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure EFS volume used for ECS task defination has in transit encryption enabled",
"reference_id": "AWS.AETD.IS.MEDIUM.0043",
"category": "Infrastructure Security",
"id": "AC_AWS_0463",
"version": 2
}
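Review bot: `defination` in the description should be `definition`: `"description": "Ensure EFS volume used for ECS task definition has in transit encryption enabled",`. Other wording slips in context lines of this commit are worth fixing in the same pass: the missing space in `passwords.Preventing` on the rule with `reference_id` `AWS.Iam.IAM.Low.0539`, the double negative `doesn't not include` on `AWS.LambdaFunction.Logging.0472` (should be `does not include`), and `which vulnerable to SSRF` on `AC-AW-CA-LC-H-0439` (`which is vulnerable to SSRF`). These strings are emitted in scan output, so keep each change to wording only and leave the `reference_id` values untouched. The enclosing JSON object starts above the hunk.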
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure EFS file system does not use insecure wildcard policies.",
"reference_id": "AWS.AEFSP.IAM.HIGH.0059",
"category": "Identity and Access Management",
"id": "AC_AWS_0464",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure EKS clusters have control plane logging enabled.",
"reference_id": "AWS.AEC.LM.MEDIUM.0071",
"category": "Logging and Monitoring",
"id": "AC_AWS_0465",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure Elastic Cache Replication Group is encrypted at rest",
"reference_id": "AWS.AERG.DP.MEDIUM.0027",
"category": "Data Protection",
"id": "AC_AWS_0466",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure Elastic Cache Replication Group is encrypted in transit",
"reference_id": "AWS.AERG.DP.MEDIUM.0044",
"category": "Data Protection",
"id": "AC_AWS_0467",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure Elasticsearch domains being created are set to be encrypted node-to-node",
"reference_id": "AWS.ElasticSearch.IS.MEDIUM.0045",
"category": "Infrastructure Security",
"id": "AC_AWS_0468",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure Elasticsearch domains do not have wildcard policies.",
"reference_id": "AWS.AEDP.IAM.HIGH.0060",
"category": "Identity and Access Management",
"id": "AC_AWS_0469",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure AWS ELB has access logging enabled.",
"reference_id": "AWS.ELB.LM.MEDIUM.0072",
"category": "Logging and Monitoring",
"id": "AC_AWS_0470",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure Global Accelerator accelerator has flow logs enabled.",
"reference_id": "AWS.AGA.LM.LOW.0073",
"category": "Logging and Monitoring",
"id": "AC_AWS_0471",
"version": 1
}
Expand Up @@ -13,5 +13,6 @@
"description": "It is recommended that the password policy prevent the reuse of passwords.Preventing password reuse increases account resiliency against brute force login attempts",
"reference_id": "AWS.Iam.IAM.Low.0539",
"category": "Compliance Validation",
"id": "AC_AWS_0472",
"version": 2
}
Expand Up @@ -7,8 +7,9 @@
"prefix": ""
},
"severity": "HIGH",
"description": "Ensure IAM roles do not have any policies attached that may cause priviledge escalation.",
"description": "Ensure IAM roles do not have any policies attached that may cause privilege escalation.",
"reference_id": "AWS.AIRP.IAM.HIGH.0051",
"category": "Identity and Access Management",
"id": "AC_AWS_0473",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "It is recommended and considered a standard security advice to grant least privileges that is, granting only the permissions required to perform a task. IAM policies are the means by which privileges are granted to users, groups, or roles. Determine what users need to do and then craft policies for them that let the users perform only those tasks, instead of granting full administrative privileges.",
"reference_id": "AC-AW-IA-H-1190",
"category": "Identity and Access Management",
"id": "AC_AWS_0474",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure IAM policies are attached only to groups or roles",
"reference_id": "AWS.AIUP.IAM.MEDIUM.0049",
"category": "Identity and Access Management",
"id": "AC_AWS_0475",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure IAM permissions are not given directly to users",
"reference_id": "AWS.AIUPA.IAM.MEDIUM.0050",
"category": "Identity and Access Management",
"id": "AC_AWS_0476",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure that instance launched follows the least privilege principle as this can be related to delivery-exploitation-Installation phases of kill chain",
"reference_id": "AC-AW-IA-LC-H-0442",
"category": "Identity and Access Management",
"id": "AC_AWS_0477",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Security group attached to launch configuration is wide open to internet and this can be related to reconnaissance phase",
"reference_id": "AC-AW-IS-LC-H-0443",
"category": "Infrastructure Security",
"id": "AC_AWS_0478",
"version": 1
}
Expand Up @@ -8,5 +8,6 @@
"description": "EC2 instances should disable IMDS or require IMDSv2 as this can be related to the weaponization phase of kill chain",
"reference_id": "AC-AWS-NS-IN-M-1172",
"category": "Infrastructure Security",
"id": "AC_AWS_0479",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure that detailed monitoring is enabled for EC2 instances.",
"reference_id": "AWS.AI.LM.HIGH.0070",
"category": "Logging and Monitoring",
"id": "AC_AWS_0480",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure IAM policies do not have 'Principal' element missing from the policy statement.",
"reference_id": "AWS.AKK.IAM.HIGH.0012",
"category": "Identity and Access Management",
"id": "AC_AWS_0481",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure KMS key policy does not have wildcard policies attached.",
"reference_id": "AWS.AKK.IAM.HIGH.0082",
"category": "Identity and Access Management",
"id": "AC_AWS_0482",
"version": 1
}
Expand Up @@ -10,5 +10,6 @@
"description": "Lambda does not use KMS CMK key to protect environment variables.",
"reference_id": "AWS.LambdaFunction.EncryptionandKeyManagement.0471",
"category": "Data Protection",
"id": "AC_AWS_0483",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Ensure AWS Lambda function has policy attached.",
"reference_id": "AWS.LambdaFunction.LM.MEIDUM.0063",
"category": "Logging and Monitoring",
"id": "AC_AWS_0484",
"version": 2
}
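Review bot: The `reference_id` `AWS.LambdaFunction.LM.MEIDUM.0063` misspells MEDIUM, and the description `Ensure AWS Lambda function has policy attached.` sits under `"category": "Logging and Monitoring"`, which does not fit a policy-attachment check; the `LM` segment in the id suggests the category was copied along with the typo. Because `reference_id` is presumably what consumers match findings on, correcting its spelling is a key change that needs whatever rename handling the project uses, not a casual edit. The category, by contrast, is safe to fix once the rule's intent is confirmed, e.g. `"category": "Identity and Access Management",` as the sibling rule `Ensure ECR repository has policy attached.` already uses. The enclosing JSON object starts above the hunk.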
Expand Up @@ -10,5 +10,6 @@
"description": "Lambda tracing is not enabled.",
"reference_id": "AWS.LambdaFunction.Logging.0470",
"category": "Logging and Monitoring",
"id": "AC_AWS_0485",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Lambda function doesn't not include a VPC configuration.",
"reference_id": "AWS.LambdaFunction.Logging.0472",
"category": "Infrastructure Security",
"id": "AC_AWS_0486",
"version": 2
}
Expand Up @@ -10,5 +10,6 @@
"description": "Launch configuration uses IMDSv1 which vulnerable to SSRF",
"reference_id": "AC-AW-CA-LC-H-0439",
"category": "Configuration and Vulnerability Analysis",
"id": "AC_AWS_0487",
"version": 1
}